Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
all the necessary information.scr

Overview

General Information

Sample name:all the necessary information.scr
Analysis ID:1355302
MD5:df5ac38d7bc0233a2775fe6a54db880a
SHA1:b5e261d8e49ce7f6170e270de1a1f875333dfdca
SHA256:99e11573d54e8379e7fc2d5b2233764cef0b4f6a910ddca9df64e8aa09c3822c
Infos:

Detection

Vidar
Score:92
Range:0 - 100
Whitelisted:false
Confidence:100%

Compliance

Score:47
Range:0 - 100

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected Vidar stealer
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to read the PEB
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

Process Tree

  • System is w10x64
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
VidarVidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: Vidar

{"C2 url": ["https://steamcommunity.com/profiles/76561199577999137", "https://t.me/redcarsc"], "Botnet": "e4dee63026d7a45f71e722a28e306835", "Version": "6.8"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000000.1331728696.0000000000401000.00000020.00000001.01000000.00000003.sdmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
    Process Memory Space: all the necessary information.scr PID: 6496JoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security
      Process Memory Space: all the necessary information.scr PID: 6496JoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        Process Memory Space: all the necessary information.scr PID: 6496JoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security

          Sigma Signatures

          No Sigma rule has matched

          Snort Signatures

          No Snort rule has matched

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Found malware configuration
          Source: 0.2.all the necessary information.scr.2a510000.0.raw.unpackMalware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199577999137", "https://t.me/redcarsc"], "Botnet": "e4dee63026d7a45f71e722a28e306835", "Version": "6.8"}
          Multi AV Scanner detection for submitted file
          Source: all the necessary information.scrReversingLabs: Detection: 21%
          Source: all the necessary information.scr, 00000000.00000000.1331728696.0000000000416000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_9d0ce2fd-b

          Compliance

          barindex
          Uses 32bit PE files
          Source: all the necessary information.scrStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
          PE / OLE file has a valid certificate
          Source: all the necessary information.scrStatic PE information: certificate valid
          Uses secure TLS version for HTTPS connections
          Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.7:49702 version: TLS 1.2
          Binary contains paths to debug symbols
          Source: Binary string: wntdll.pdbUGP source: all the necessary information.scr, 00000000.00000002.1671941236.000000002A6A0000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: all the necessary information.scr, 00000000.00000002.1671941236.000000002A6A0000.00000040.00001000.00020000.00000000.sdmp
          Source: C:\Users\user\Desktop\all the necessary information.scrFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\Jump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior

          Networking

          barindex
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractorURLs: https://steamcommunity.com/profiles/76561199577999137
          Source: Malware configuration extractorURLs: https://t.me/redcarsc
          Source: global trafficTCP traffic: 192.168.2.7:49703 -> 116.202.183.33:25565
          Source: global trafficHTTP traffic detected: GET /redcarsc HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
          Source: Joe Sandbox ViewIP Address: 116.202.183.33 116.202.183.33
          Source: Joe Sandbox ViewIP Address: 149.154.167.99 149.154.167.99
          Source: Joe Sandbox ViewIP Address: 149.154.167.99 149.154.167.99
          Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: unknownTCP traffic detected without corresponding DNS query: 116.202.183.33
          Source: global trafficHTTP traffic detected: GET /redcarsc HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
          Source: unknownDNS traffic detected: queries for: t.me
          Source: all the necessary information.scrString found in binary or memory: http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0Q
          Source: all the necessary information.scrString found in binary or memory: http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0_
          Source: all the necessary information.scrString found in binary or memory: http://crls.ssl.com/SSL.com-timeStamping-I-RSA-R1.crl0
          Source: all the necessary information.scrString found in binary or memory: http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0
          Source: all the necessary information.scrString found in binary or memory: http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0
          Source: all the necessary information.scrString found in binary or memory: http://crls.ssl.com/ssl.com-rsa-RootCA.crl0
          Source: all the necessary information.scr, 00000000.00000002.1669874156.0000000028710000.00000004.00000020.00020000.00000000.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.0.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
          Source: all the necessary information.scr, 00000000.00000003.1441372122.00000000287B3000.00000004.00000020.00020000.00000000.sdmp, all the necessary information.scr, 00000000.00000003.1481977492.0000000028781000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?65d6e8d072e9f
          Source: all the necessary information.scr, 00000000.00000002.1669874156.0000000028710000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enI
          Source: all the necessary information.scrString found in binary or memory: http://ocsps.ssl.com0
          Source: all the necessary information.scrString found in binary or memory: http://ocsps.ssl.com0?
          Source: all the necessary information.scr, 00000000.00000003.1430749832.0000000028766000.00000004.00000020.00020000.00000000.sdmp, all the necessary information.scr, 00000000.00000003.1481977492.0000000028781000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.c
          Source: all the necessary information.scrString found in binary or memory: http://www.openswatchbook.org/uri/2009/osb
          Source: all the necessary information.scr, 00000000.00000002.1675739788.000000002BD78000.00000004.00000020.00020000.00000000.sdmp, all the necessary information.scr, 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, sqlite3[1].dll.0.drString found in binary or memory: http://www.sqlite.org/copyright.html.
          Source: all the necessary information.scrString found in binary or memory: http://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.crt0
          Source: all the necessary information.scrString found in binary or memory: http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0
          Source: all the necessary information.scr, 00000000.00000003.1481977492.0000000028772000.00000004.00000020.00020000.00000000.sdmp, all the necessary information.scr, 00000000.00000002.1669874156.0000000028772000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://116.202.183.33/
          Source: all the necessary information.scr, 00000000.00000002.1669874156.0000000028710000.00000004.00000020.00020000.00000000.sdmp, all the necessary information.scr, 00000000.00000002.1672973105.000000002A9D7000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://116.202.183.33:25565
          Source: all the necessary information.scr, 00000000.00000002.1674384182.000000002B73A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://116.202.183.33:25565/
          Source: all the necessary information.scr, 00000000.00000002.1674384182.000000002B73A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://116.202.183.33:25565/$t
          Source: all the necessary information.scr, 00000000.00000002.1674384182.000000002B73A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://116.202.183.33:25565/%
          Source: all the necessary information.scr, 00000000.00000003.1481977492.0000000028769000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://116.202.183.33:25565/(
          Source: all the necessary information.scr, 00000000.00000003.1481794496.000000002B760000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://116.202.183.33:25565/0Qy
          Source: all the necessary information.scr, 00000000.00000003.1481794496.000000002B760000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://116.202.183.33:25565/:081.SF
          Source: all the necessary information.scr, 00000000.00000003.1481794496.000000002B760000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://116.202.183.33:25565/?Qt
          Source: all the necessary information.scr, 00000000.00000002.1674384182.000000002B73A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://116.202.183.33:25565/Authority
          Source: all the necessary information.scr, 00000000.00000002.1669874156.00000000286C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://116.202.183.33:25565/E
          Source: all the necessary information.scr, 00000000.00000002.1674384182.000000002B73A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://116.202.183.33:25565/FHJKFCGIEBGIIJDdQ
          Source: all the necessary information.scr, 00000000.00000002.1669874156.000000002879A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://116.202.183.33:25565/M
          Source: all the necessary information.scr, 00000000.00000002.1669874156.00000000286C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://116.202.183.33:25565/a
          Source: all the necessary information.scr, 00000000.00000003.1481977492.0000000028769000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://116.202.183.33:25565/bM
          Source: all the necessary information.scr, 00000000.00000002.1674384182.000000002B73A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://116.202.183.33:25565/cruntime140.dll~Q
          Source: all the necessary information.scr, 00000000.00000002.1674384182.000000002B7A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://116.202.183.33:25565/freebl3.dll
          Source: all the necessary information.scr, 00000000.00000002.1669874156.00000000286C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://116.202.183.33:25565/freebl3.dll%
          Source: all the necessary information.scr, 00000000.00000003.1481866655.000000002879D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://116.202.183.33:25565/g
          Source: all the necessary information.scr, 00000000.00000002.1674384182.000000002B7A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://116.202.183.33:25565/mozglue.dll
          Source: all the necessary information.scr, 00000000.00000002.1674384182.000000002B7A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://116.202.183.33:25565/mozglue.dll5
          Source: all the necessary information.scr, 00000000.00000002.1674384182.000000002B7A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://116.202.183.33:25565/msvcp140.dll
          Source: all the necessary information.scr, 00000000.00000002.1674384182.000000002B768000.00000004.00000020.00020000.00000000.sdmp, all the necessary information.scr, 00000000.00000002.1669874156.0000000028781000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://116.202.183.33:25565/nss3.dll
          Source: all the necessary information.scr, 00000000.00000002.1674384182.000000002B768000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://116.202.183.33:25565/nss3.dllCw
          Source: all the necessary information.scr, 00000000.00000002.1674384182.000000002B7A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://116.202.183.33:25565/softokn3.dll
          Source: all the necessary information.scr, 00000000.00000002.1674384182.000000002B7A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://116.202.183.33:25565/softokn3.dllI
          Source: all the necessary information.scr, 00000000.00000002.1669874156.0000000028710000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://116.202.183.33:25565/sqlite3.dll
          Source: all the necessary information.scr, 00000000.00000002.1674384182.000000002B73A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://116.202.183.33:25565/vcruntime140.dll
          Source: all the necessary information.scr, 00000000.00000002.1674384182.000000002B73A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://116.202.183.33:25565/vcruntime140.dll?Qt
          Source: all the necessary information.scr, 00000000.00000002.1674384182.000000002B73A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://116.202.183.33:25565/vcruntime140.dlll0Qy
          Source: all the necessary information.scr, 00000000.00000002.1672973105.000000002A9D7000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://116.202.183.33:25565ne
          Source: all the necessary information.scr, 00000000.00000002.1672973105.000000002AA15000.00000040.00001000.00020000.00000000.sdmp, all the necessary information.scr, 00000000.00000002.1672973105.000000002A9D7000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://116.202.183.33:25565ontent-Disposition:
          Source: all the necessary information.scr, 00000000.00000003.1481977492.0000000028772000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://116.202.183.33:25565x(
          Source: IDBAKKEC.0.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
          Source: IDBAKKEC.0.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
          Source: IDBAKKEC.0.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
          Source: IDBAKKEC.0.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
          Source: all the necessary information.scrString found in binary or memory: https://creativecommons.org/publicdomain/zero/1.0/)
          Source: IDBAKKEC.0.drString found in binary or memory: https://duckduckgo.com/ac/?q=
          Source: IDBAKKEC.0.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
          Source: IDBAKKEC.0.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
          Source: all the necessary information.scr, 00000000.00000002.1671689348.000000002A510000.00000004.00001000.00020000.00000000.sdmp, all the necessary information.scr, 00000000.00000002.1672973105.000000002A951000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199577999137
          Source: all the necessary information.scr, 00000000.00000002.1671689348.000000002A510000.00000004.00001000.00020000.00000000.sdmp, all the necessary information.scr, 00000000.00000002.1672973105.000000002A951000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199577999137sp77d
          Source: all the necessary information.scr, 00000000.00000002.1669874156.0000000028710000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/
          Source: all the necessary information.scr, 00000000.00000002.1669874156.0000000028710000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/K
          Source: all the necessary information.scr, 00000000.00000002.1671633048.000000002A4F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://t.me/red
          Source: all the necessary information.scr, 00000000.00000002.1669874156.0000000028710000.00000004.00000020.00020000.00000000.sdmp, all the necessary information.scr, 00000000.00000002.1672973105.000000002A951000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://t.me/redcarsc
          Source: all the necessary information.scr, 00000000.00000002.1671689348.000000002A510000.00000004.00001000.00020000.00000000.sdmp, all the necessary information.scr, 00000000.00000002.1672973105.000000002A951000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://t.me/redcarscsp77dMozilla/5.0
          Source: all the necessary information.scr, 00000000.00000003.1430749832.0000000028766000.00000004.00000020.00020000.00000000.sdmp, all the necessary information.scr, 00000000.00000002.1669874156.0000000028710000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.telegram.org
          Source: all the necessary information.scrString found in binary or memory: https://www.abyssmedia.com/
          Source: all the necessary information.scrString found in binary or memory: https://www.abyssmedia.com/audioretoucher/audioretoucher.xml
          Source: all the necessary information.scrString found in binary or memory: https://www.abyssmedia.com/audioretoucher/open
          Source: all the necessary information.scrString found in binary or memory: https://www.abyssmedia.com/downloads/audioretoucher.exe
          Source: all the necessary information.scrString found in binary or memory: https://www.abyssmedia.com/order.shtml?ref=AudioRetoucheropenSV
          Source: all the necessary information.scrString found in binary or memory: https://www.abyssmedia.com/order.shtml?ref=audioretoucheropen
          Source: all the necessary information.scrString found in binary or memory: https://www.abyssmedia.com/pad/getpad.php?pad=
          Source: IDBAKKEC.0.drString found in binary or memory: https://www.ecosia.org/newtab/
          Source: IDBAKKEC.0.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
          Source: all the necessary information.scrString found in binary or memory: https://www.ssl.com/repository0
          Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
          Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.7:49702 version: TLS 1.2
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E88FCA0_2_61E88FCA
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61EAD2AC0_2_61EAD2AC
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E4B8A10_2_61E4B8A1
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E75F1F0_2_61E75F1F
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E400650_2_61E40065
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E9E24F0_2_61E9E24F
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E5023C0_2_61E5023C
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E625540_2_61E62554
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E4E4BF0_2_61E4E4BF
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E947830_2_61E94783
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E7A7900_2_61E7A790
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E187360_2_61E18736
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E866680_2_61E86668
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E586700_2_61E58670
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E108560_2_61E10856
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61EA0BA90_2_61EA0BA9
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E62CA30_2_61E62CA3
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E98FE20_2_61E98FE2
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E52F800_2_61E52F80
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61EA2F470_2_61EA2F47
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E56F180_2_61E56F18
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E4CEF90_2_61E4CEF9
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E1EEFF0_2_61E1EEFF
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E64E0C0_2_61E64E0C
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61EA91F60_2_61EA91F6
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E9316A0_2_61E9316A
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E9F0ED0_2_61E9F0ED
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61EA70CF0_2_61EA70CF
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E9D0C30_2_61E9D0C3
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E8D0B60_2_61E8D0B6
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E6904E0_2_61E6904E
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E4304E0_2_61E4304E
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E153370_2_61E15337
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E192080_2_61E19208
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E534E30_2_61E534E3
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E774520_2_61E77452
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E379300_2_61E37930
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E7B85E0_2_61E7B85E
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E218160_2_61E21816
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E9FBF00_2_61E9FBF0
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E55BD70_2_61E55BD7
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61EA5B620_2_61EA5B62
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E91DC10_2_61E91DC1
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E6DDA50_2_61E6DDA5
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E31DAB0_2_61E31DAB
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E95D7A0_2_61E95D7A
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E25FA20_2_61E25FA2
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E1DEC20_2_61E1DEC2
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E69E8F0_2_61E69E8F
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E89E0E0_2_61E89E0E
          Source: all the necessary information.scrStatic PE information: Number of sections : 12 > 10
          Source: sqlite3[1].dll.0.drStatic PE information: Number of sections : 18 > 10
          Source: all the necessary information.scr, 00000000.00000002.1671941236.000000002A7CD000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs all the necessary information.scr
          Source: C:\Users\user\Desktop\all the necessary information.scrSection loaded: libflac.dllJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrSection loaded: wininet.dllJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrSection loaded: rstrtmgr.dllJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrSection loaded: ncrypt.dllJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrSection loaded: ntasn1.dllJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrSection loaded: iertutil.dllJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrSection loaded: profapi.dllJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrSection loaded: winhttp.dllJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrSection loaded: mswsock.dllJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrSection loaded: winnsi.dllJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrSection loaded: urlmon.dllJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrSection loaded: srvcli.dllJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrSection loaded: netutils.dllJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrSection loaded: dnsapi.dllJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrSection loaded: rasadhlp.dllJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrSection loaded: fwpuclnt.dllJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrSection loaded: schannel.dllJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrSection loaded: mskeyprotect.dllJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrSection loaded: msasn1.dllJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrSection loaded: dpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrSection loaded: cryptsp.dllJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrSection loaded: rsaenh.dllJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrSection loaded: cryptbase.dllJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrSection loaded: gpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrSection loaded: ncryptsslp.dllJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrSection loaded: cryptnet.dllJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrSection loaded: dhcpcsvc6.dllJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrSection loaded: dhcpcsvc.dllJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrSection loaded: webio.dllJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrSection loaded: cabinet.dllJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrSection loaded: wbemcomn.dllJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrSection loaded: userenv.dllJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrSection loaded: ntmarta.dllJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrSection loaded: nss3.dllJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrSection loaded: windowscodecs.dllJump to behavior
          Source: all the necessary information.scrStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
          Source: classification engineClassification label: mal92.troj.spyw.evad.winSCR@1/11@1/2
          Source: C:\Users\user\Desktop\all the necessary information.scrFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\O7YP6MB0.htmJump to behavior
          Source: Yara matchFile source: 00000000.00000000.1331728696.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: C:\Users\user\Desktop\all the necessary information.scrKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: all the necessary information.scr, 00000000.00000002.1675739788.000000002BD78000.00000004.00000020.00020000.00000000.sdmp, all the necessary information.scr, 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, sqlite3[1].dll.0.drBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
          Source: all the necessary information.scr, 00000000.00000002.1675739788.000000002BD78000.00000004.00000020.00020000.00000000.sdmp, all the necessary information.scr, 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, sqlite3[1].dll.0.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
          Source: all the necessary information.scr, 00000000.00000002.1675739788.000000002BD78000.00000004.00000020.00020000.00000000.sdmp, all the necessary information.scr, 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, sqlite3[1].dll.0.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
          Source: all the necessary information.scr, 00000000.00000002.1675739788.000000002BD78000.00000004.00000020.00020000.00000000.sdmp, all the necessary information.scr, 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, sqlite3[1].dll.0.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
          Source: all the necessary information.scr, 00000000.00000002.1675739788.000000002BD78000.00000004.00000020.00020000.00000000.sdmp, all the necessary information.scr, 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, sqlite3[1].dll.0.drBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
          Source: all the necessary information.scr, 00000000.00000002.1675739788.000000002BD78000.00000004.00000020.00020000.00000000.sdmp, all the necessary information.scr, 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, sqlite3[1].dll.0.drBinary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
          Source: all the necessary information.scr, 00000000.00000002.1675739788.000000002BD78000.00000004.00000020.00020000.00000000.sdmp, all the necessary information.scr, 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, sqlite3[1].dll.0.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
          Source: all the necessary information.scr, 00000000.00000003.1545479215.000000002BC8B000.00000004.00000020.00020000.00000000.sdmp, all the necessary information.scr, 00000000.00000003.1557976684.000000002BCA9000.00000004.00000020.00020000.00000000.sdmp, AKFIDHDGIEGCAKFIIJKF.0.dr, KJJJJDHIDBGHIDHIDAFB.0.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
          Source: all the necessary information.scr, 00000000.00000002.1675739788.000000002BD78000.00000004.00000020.00020000.00000000.sdmp, all the necessary information.scr, 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, sqlite3[1].dll.0.drBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
          Source: all the necessary information.scr, 00000000.00000002.1675739788.000000002BD78000.00000004.00000020.00020000.00000000.sdmp, all the necessary information.scr, 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, sqlite3[1].dll.0.drBinary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
          Source: all the necessary information.scrReversingLabs: Detection: 21%
          Source: C:\Users\user\Desktop\all the necessary information.scrKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32Jump to behavior
          Source: all the necessary information.scrStatic PE information: certificate valid
          Source: all the necessary information.scrStatic PE information: Virtual size of .text is bigger than: 0x100000
          Source: all the necessary information.scrStatic file information: File size 672236584 > 1048576
          Source: all the necessary information.scrStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x22d200
          Source: all the necessary information.scrStatic PE information: Raw size of Earqtput is bigger than: 0x100000 < 0x27e79600
          Source: Binary string: wntdll.pdbUGP source: all the necessary information.scr, 00000000.00000002.1671941236.000000002A6A0000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: all the necessary information.scr, 00000000.00000002.1671941236.000000002A6A0000.00000040.00001000.00020000.00000000.sdmp
          Source: all the necessary information.scrStatic PE information: section name: .didata
          Source: all the necessary information.scrStatic PE information: section name: Earqtput
          Source: sqlite3[1].dll.0.drStatic PE information: section name: /4
          Source: sqlite3[1].dll.0.drStatic PE information: section name: /19
          Source: sqlite3[1].dll.0.drStatic PE information: section name: /31
          Source: sqlite3[1].dll.0.drStatic PE information: section name: /45
          Source: sqlite3[1].dll.0.drStatic PE information: section name: /57
          Source: sqlite3[1].dll.0.drStatic PE information: section name: /70
          Source: sqlite3[1].dll.0.drStatic PE information: section name: /81
          Source: sqlite3[1].dll.0.drStatic PE information: section name: /92
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_2A221A37 push dword ptr [esp+04h]; retn 0008h0_2_2A221A09
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_2A221A11 push dword ptr [esp+04h]; retn 0008h0_2_2A221A09
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_2A221A55 push dword ptr [esp+04h]; retn 0008h0_2_2A221A09
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_2A223824 push bp; mov dword ptr [esp], eax0_2_2A22387B
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_2A22383F push bp; mov dword ptr [esp], eax0_2_2A22387B
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_2A223845 push bp; mov dword ptr [esp], eax0_2_2A22387B
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_2A2238C7 push bp; mov dword ptr [esp], eax0_2_2A22387B
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_2A225917 push word ptr [esp+09h]; mov dword ptr [esp], esp0_2_2A22595E
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_2A2219AB push dword ptr [esp+04h]; retn 0008h0_2_2A221A09
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_2A2219BB push dword ptr [esp+04h]; retn 0008h0_2_2A221A09
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_2A22199A push dword ptr [esp+04h]; retn 0008h0_2_2A221A09
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_2A2219F6 push dword ptr [esp+04h]; retn 0008h0_2_2A221A09
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_2A222F59 push dword ptr [esp+04h]; mov dword ptr [esp], esp0_2_2A222F69
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_2A222F5D push dword ptr [esp+04h]; mov dword ptr [esp], esp0_2_2A222F69
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_2A225D29 push word ptr [esp+03h]; mov dword ptr [esp], ecx0_2_2A225CFD
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_2A225D31 pushfd ; mov dword ptr [esp], ecx0_2_2A225D6D
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_2A225D5E pushfd ; mov dword ptr [esp], ecx0_2_2A225D6D
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_2A223379 push ebp; mov dword ptr [esp], edi0_2_2A223397
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_2A22561D push dword ptr [esp+10h]; retn 0014h0_2_2A22565D
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_2A221664 push 245C4079h; iretd 0_2_2A221669
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_2A225668 push dword ptr [esp+24h]; retn 0028h0_2_2A2256BA
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_2A22165A pushfd ; mov dword ptr [esp], ebp0_2_2A2215ED
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_2A221658 pushfd ; mov dword ptr [esp], ebp0_2_2A2215ED
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_2A2256A5 push dword ptr [esp+24h]; retn 0028h0_2_2A2256BA
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_2A2216B1 pushfd ; mov dword ptr [esp], ebp0_2_2A2215ED
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_2A2256BE push dword ptr [esp+24h]; retn 0028h0_2_2A2256BA
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_2A225691 push dword ptr [esp+24h]; retn 0028h0_2_2A2256BA
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_2A221694 pushfd ; mov dword ptr [esp], ebp0_2_2A2215ED
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_2A2216E3 pushfd ; mov dword ptr [esp], ebp0_2_2A2215ED
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_2A2256C5 push dword ptr [esp+24h]; retn 0028h0_2_2A2256BA
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_2A2256D4 push dword ptr [esp+30h]; retn 0034h0_2_2A22574C
          Source: C:\Users\user\Desktop\all the necessary information.scrFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\sqlite3[1].dllJump to dropped file
          Source: C:\Users\user\Desktop\all the necessary information.scrRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          barindex
          Yara detected AntiVM3
          Source: Yara matchFile source: Process Memory Space: all the necessary information.scr PID: 6496, type: MEMORYSTR
          Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
          Source: all the necessary information.scr, 00000000.00000002.1672973105.000000002A951000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: !"#$%&'()*+,-./0123@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/AVGHOOKX.DLLAVGHOOKA.DLLSNXHK.DLLSBIEDLL.DLLAPI_LOG.DLLDIR_WATCH.DLLPSTOREC.DLLVMCHECK.DLLWPESPY.DLLCMDVRT32.DLLCMDVRT64.DLL
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_2A222F9E rdtsc 0_2_2A222F9E
          Source: C:\Users\user\Desktop\all the necessary information.scrDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\sqlite3[1].dllJump to dropped file
          Source: C:\Users\user\Desktop\all the necessary information.scrAPI coverage: 2.2 %
          Source: C:\Users\user\Desktop\all the necessary information.scrKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809Jump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809Jump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E354D1 sqlite3_os_init,GetSystemInfo,0_2_61E354D1
          Source: C:\Users\user\Desktop\all the necessary information.scrFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\Jump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
          Source: KJEHCGDB.0.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
          Source: KJEHCGDB.0.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
          Source: KJEHCGDB.0.drBinary or memory string: Canara Transaction PasswordVMware20,11696492231}
          Source: KJEHCGDB.0.drBinary or memory string: interactivebrokers.co.inVMware20,11696492231d
          Source: KJEHCGDB.0.drBinary or memory string: netportal.hdfcbank.comVMware20,11696492231
          Source: KJEHCGDB.0.drBinary or memory string: outlook.office.comVMware20,11696492231s
          Source: KJEHCGDB.0.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
          Source: KJEHCGDB.0.drBinary or memory string: AMC password management pageVMware20,11696492231
          Source: KJEHCGDB.0.drBinary or memory string: interactivebrokers.comVMware20,11696492231
          Source: KJEHCGDB.0.drBinary or memory string: microsoft.visualstudio.comVMware20,11696492231x
          Source: all the necessary information.scr, 00000000.00000002.1669874156.00000000286C8000.00000004.00000020.00020000.00000000.sdmp, all the necessary information.scr, 00000000.00000002.1669874156.0000000028737000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: KJEHCGDB.0.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
          Source: KJEHCGDB.0.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
          Source: KJEHCGDB.0.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696492231
          Source: KJEHCGDB.0.drBinary or memory string: outlook.office365.comVMware20,11696492231t
          Source: KJEHCGDB.0.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
          Source: KJEHCGDB.0.drBinary or memory string: discord.comVMware20,11696492231f
          Source: KJEHCGDB.0.drBinary or memory string: global block list test formVMware20,11696492231
          Source: all the necessary information.scr, 00000000.00000002.1669874156.0000000028737000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWZ
          Source: KJEHCGDB.0.drBinary or memory string: dev.azure.comVMware20,11696492231j
          Source: KJEHCGDB.0.drBinary or memory string: www.interactivebrokers.comVMware20,11696492231}
          Source: KJEHCGDB.0.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
          Source: KJEHCGDB.0.drBinary or memory string: bankofamerica.comVMware20,11696492231x
          Source: KJEHCGDB.0.drBinary or memory string: trackpan.utiitsl.comVMware20,11696492231h
          Source: KJEHCGDB.0.drBinary or memory string: tasks.office.comVMware20,11696492231o
          Source: all the necessary information.scr, 00000000.00000002.1669874156.00000000286C8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware
          Source: KJEHCGDB.0.drBinary or memory string: account.microsoft.com/profileVMware20,11696492231u
          Source: KJEHCGDB.0.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231
          Source: KJEHCGDB.0.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
          Source: KJEHCGDB.0.drBinary or memory string: ms.portal.azure.comVMware20,11696492231
          Source: KJEHCGDB.0.drBinary or memory string: turbotax.intuit.comVMware20,11696492231t
          Source: KJEHCGDB.0.drBinary or memory string: secure.bankofamerica.comVMware20,11696492231|UE
          Source: KJEHCGDB.0.drBinary or memory string: Canara Transaction PasswordVMware20,11696492231x
          Source: KJEHCGDB.0.drBinary or memory string: Interactive Brokers - HKVMware20,11696492231]
          Source: C:\Users\user\Desktop\all the necessary information.scrProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_2A222F9E rdtsc 0_2_2A222F9E
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_2A225ACD mov edx, dword ptr fs:[00000030h]0_2_2A225ACD
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_2A225B15 mov eax, dword ptr fs:[00000030h]0_2_2A225B15
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_2A225B72 mov eax, dword ptr fs:[00000030h]0_2_2A225B72
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_2A22235C mov ebx, dword ptr fs:[00000030h]0_2_2A22235C
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_2A2233C8 mov eax, dword ptr fs:[00000030h]0_2_2A2233C8
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_2A2210F9 mov edx, dword ptr fs:[00000030h]0_2_2A2210F9
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_2A222716 mov edx, dword ptr fs:[00000030h]0_2_2A222716
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_2A226480 mov eax, dword ptr fs:[00000030h]0_2_2A226480
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61EAF900 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,0_2_61EAF900
          Source: C:\Users\user\Desktop\all the necessary information.scrMemory protected: page guardJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61EAF850 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_61EAF850
          Source: all the necessary information.scr, 00000000.00000002.1674384182.000000002B768000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
          Source: C:\Users\user\Desktop\all the necessary information.scrWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

          Stealing of Sensitive Information

          barindex
          Yara detected Vidar stealer
          Source: Yara matchFile source: Process Memory Space: all the necessary information.scr PID: 6496, type: MEMORYSTR
          Found many strings related to Crypto-Wallets (likely being stolen)
          Source: all the necessary information.scrString found in binary or memory: wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exo
          Source: all the necessary information.scrString found in binary or memory: \ElectronCash\wallets\
          Source: all the necessary information.scrString found in binary or memory: wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exo
          Source: all the necessary information.scrString found in binary or memory: Jaxx Desktop (old)
          Source: all the necessary information.scrString found in binary or memory: wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exo
          Source: all the necessary information.scrString found in binary or memory: wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exo
          Source: all the necessary information.scrString found in binary or memory: \Exodus\exodus.wallet\
          Source: all the necessary information.scrString found in binary or memory: info.seco
          Source: all the necessary information.scrString found in binary or memory: wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exo
          Source: all the necessary information.scrString found in binary or memory: \jaxx\Local Storage\
          Source: all the necessary information.scrString found in binary or memory: passphrase.json
          Source: all the necessary information.scrString found in binary or memory: wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exo
          Source: all the necessary information.scrString found in binary or memory: \Exodus\exodus.wallet\
          Source: all the necessary information.scrString found in binary or memory: sktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|B
          Source: all the necessary information.scrString found in binary or memory: wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exo
          Source: all the necessary information.scrString found in binary or memory: MultiDoge
          Source: all the necessary information.scrString found in binary or memory: \Exodus\exodus.wallet\
          Source: all the necessary information.scrString found in binary or memory: seed.seco
          Source: all the necessary information.scrString found in binary or memory: wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exo
          Source: all the necessary information.scrString found in binary or memory: wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exo
          Tries to harvest and steal browser information (history, passwords, etc)
          Source: C:\Users\user\Desktop\all the necessary information.scrFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
          Source: C:\Users\user\Desktop\all the necessary information.scrFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
          Tries to harvest and steal ftp login credentials
          Source: C:\Users\user\Desktop\all the necessary information.scrFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xmlJump to behavior
          Source: Yara matchFile source: Process Memory Space: all the necessary information.scr PID: 6496, type: MEMORYSTR

          Remote Access Functionality

          barindex
          Yara detected Vidar stealer
          Source: Yara matchFile source: Process Memory Space: all the necessary information.scr PID: 6496, type: MEMORYSTR
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E1307A sqlite3_transfer_bindings,0_2_61E1307A
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E2D5E6 sqlite3_bind_int64,0_2_61E2D5E6
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E2D595 sqlite3_bind_double,0_2_61E2D595
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E0B431 sqlite3_clear_bindings,0_2_61E0B431
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E037F3 sqlite3_value_frombind,0_2_61E037F3
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E2D781 sqlite3_bind_zeroblob64,0_2_61E2D781
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E2D714 sqlite3_bind_zeroblob,0_2_61E2D714
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E2D68C sqlite3_bind_pointer,0_2_61E2D68C
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E2D65B sqlite3_bind_null,0_2_61E2D65B
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E2D635 sqlite3_bind_int,0_2_61E2D635
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E2D9B0 sqlite3_bind_value,0_2_61E2D9B0
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E2D981 sqlite3_bind_text16,0_2_61E2D981
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E2D945 sqlite3_bind_text64,0_2_61E2D945
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E2D916 sqlite3_bind_text,0_2_61E2D916
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E2D8E7 sqlite3_bind_blob64,0_2_61E2D8E7
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E038CA sqlite3_bind_parameter_count,0_2_61E038CA
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E158CA sqlite3_bind_parameter_index,0_2_61E158CA
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E038DC sqlite3_bind_parameter_name,0_2_61E038DC
          Source: C:\Users\user\Desktop\all the necessary information.scrCode function: 0_2_61E2D8B8 sqlite3_bind_blob,0_2_61E2D8B8

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpactResource DevelopmentReconnaissance
          Valid Accounts1
          Windows Management Instrumentation          		1
          DLL Side-Loading          		1
          DLL Side-Loading          		1
          Masquerading          		2
          OS Credential Dumping          		1
          System Time Discovery          		Remote Services11
          Archive Collected Data          		Exfiltration Over Other Network Medium11
          Encrypted Channel          		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationAbuse Accessibility FeaturesAcquire InfrastructureGather Victim Identity Information
          Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
          Disable or Modify Tools          		LSASS Memory1
          Query Registry          		Remote Desktop Protocol3
          Data from Local System          		Exfiltration Over Bluetooth1
          Non-Standard Port          		SIM Card SwapObtain Device Cloud BackupsNetwork Denial of ServiceDomainsCredentials
          Domain AccountsAtLogon Script (Windows)Logon Script (Windows)1
          Obfuscated Files or Information          		Security Account Manager131
          Security Software Discovery          		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration1
          Ingress Tool Transfer          		Data Encrypted for ImpactDNS ServerEmail Addresses
          Local AccountsCronLogin HookLogin Hook1
          DLL Side-Loading          		NTDS1
          Process Discovery          		Distributed Component Object ModelInput CaptureTraffic Duplication2
          Non-Application Layer Protocol          		Data DestructionVirtual Private ServerEmployee Names
          Cloud AccountsLaunchdNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA Secrets1
          File and Directory Discovery          		SSHKeyloggingScheduled Transfer13
          Application Layer Protocol          		Data Encrypted for ImpactServerGather Victim Network Information
          Replication Through Removable MediaScheduled TaskRC ScriptsRC ScriptsSteganographyCached Domain Credentials23
          System Information Discovery          		VNCGUI Input CaptureData Transfer Size LimitsMultiband CommunicationService StopBotnetDomain Properties

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          all the necessary information.scr22%ReversingLabsWin32.Trojan.Vidar

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\sqlite3[1].dll0%ReversingLabs

          Unpacked PE Files

          No Antivirus matches

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          http://ocsps.ssl.com0?0%URL Reputationsafe
          http://ocsps.ssl.com00%URL Reputationsafe
          http://www.microsoft.c0%URL Reputationsafe
          https://116.202.183.33:25565/mozglue.dll50%Avira URL Cloudsafe
          https://116.202.183.33:25565/(0%Avira URL Cloudsafe
          https://116.202.183.33:25565/bM0%Avira URL Cloudsafe
          https://116.202.183.33:25565/vcruntime140.dll0%Avira URL Cloudsafe
          https://116.202.183.33:25565/softokn3.dll0%Avira URL Cloudsafe
          https://116.202.183.33:25565/freebl3.dll0%Avira URL Cloudsafe
          https://116.202.183.33:25565/sqlite3.dll0%Avira URL Cloudsafe
          https://www.abyssmedia.com/0%Avira URL Cloudsafe
          https://116.202.183.33:25565/freebl3.dll%0%Avira URL Cloudsafe
          https://116.202.183.33:25565/0%Avira URL Cloudsafe
          https://116.202.183.33:25565/%0%Avira URL Cloudsafe
          https://116.202.183.33:25565x(0%Avira URL Cloudsafe
          https://www.abyssmedia.com/order.shtml?ref=AudioRetoucheropenSV0%Avira URL Cloudsafe
          https://116.202.183.33:25565/0Qy0%Avira URL Cloudsafe
          https://116.202.183.33/0%Avira URL Cloudsafe
          https://116.202.183.33:25565/cruntime140.dll~Q0%Avira URL Cloudsafe
          https://116.202.183.33:25565/nss3.dllCw0%Avira URL Cloudsafe
          https://www.abyssmedia.com/audioretoucher/open0%Avira URL Cloudsafe
          https://116.202.183.33:25565/Authority0%Avira URL Cloudsafe
          https://116.202.183.33:25565/nss3.dll0%Avira URL Cloudsafe
          https://116.202.183.33:25565/$t0%Avira URL Cloudsafe
          https://116.202.183.33:25565/vcruntime140.dll?Qt0%Avira URL Cloudsafe
          https://116.202.183.33:25565/:081.SF0%Avira URL Cloudsafe
          https://116.202.183.33:25565ne0%Avira URL Cloudsafe
          https://116.202.183.33:25565/a0%Avira URL Cloudsafe
          https://116.202.183.33:25565/msvcp140.dll0%Avira URL Cloudsafe
          https://www.abyssmedia.com/order.shtml?ref=audioretoucheropen0%Avira URL Cloudsafe
          https://116.202.183.33:25565/softokn3.dllI0%Avira URL Cloudsafe
          https://www.abyssmedia.com/audioretoucher/audioretoucher.xml0%Avira URL Cloudsafe
          https://www.abyssmedia.com/downloads/audioretoucher.exe0%Avira URL Cloudsafe
          https://116.202.183.33:25565/g0%Avira URL Cloudsafe
          https://116.202.183.33:25565/FHJKFCGIEBGIIJDdQ0%Avira URL Cloudsafe
          http://www.openswatchbook.org/uri/2009/osb0%Avira URL Cloudsafe
          https://www.abyssmedia.com/pad/getpad.php?pad=0%Avira URL Cloudsafe
          https://116.202.183.33:25565/mozglue.dll0%Avira URL Cloudsafe
          https://116.202.183.33:25565/?Qt0%Avira URL Cloudsafe
          https://116.202.183.33:25565/vcruntime140.dlll0Qy0%Avira URL Cloudsafe
          https://116.202.183.33:255650%Avira URL Cloudsafe
          https://116.202.183.33:25565ontent-Disposition:0%Avira URL Cloudsafe
          https://116.202.183.33:25565/M0%Avira URL Cloudsafe
          https://116.202.183.33:25565/E0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          t.me
          		149.154.167.99
          		truefalse
            		high

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            https://t.me/redcarscfalse
              		high
              https://steamcommunity.com/profiles/76561199577999137false
                		high

                URLs from Memory and Binaries

                NameSourceMaliciousAntivirus DetectionReputation
                https://116.202.183.33:25565/sqlite3.dllall the necessary information.scr, 00000000.00000002.1669874156.0000000028710000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://duckduckgo.com/chrome_newtabIDBAKKEC.0.drfalse
                  		high
                  https://t.me/all the necessary information.scr, 00000000.00000002.1669874156.0000000028710000.00000004.00000020.00020000.00000000.sdmpfalse
                    		high
                    https://duckduckgo.com/ac/?q=IDBAKKEC.0.drfalse
                      		high
                      https://web.telegram.orgall the necessary information.scr, 00000000.00000003.1430749832.0000000028766000.00000004.00000020.00020000.00000000.sdmp, all the necessary information.scr, 00000000.00000002.1669874156.0000000028710000.00000004.00000020.00020000.00000000.sdmpfalse
                        		high
                        https://116.202.183.33:25565/freebl3.dllall the necessary information.scr, 00000000.00000002.1674384182.000000002B7A3000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://ocsps.ssl.com0?all the necessary information.scrfalse
                        • URL Reputation: safe
                        		unknown
                        http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0all the necessary information.scrfalse
                          		high
                          https://116.202.183.33:25565/all the necessary information.scr, 00000000.00000002.1674384182.000000002B73A000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0Qall the necessary information.scrfalse
                            		high
                            http://ocsps.ssl.com0all the necessary information.scrfalse
                            • URL Reputation: safe
                            		unknown
                            https://116.202.183.33:25565/softokn3.dllall the necessary information.scr, 00000000.00000002.1674384182.000000002B7A3000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://t.me/Kall the necessary information.scr, 00000000.00000002.1669874156.0000000028710000.00000004.00000020.00020000.00000000.sdmpfalse
                              		high
                              https://116.202.183.33:25565/vcruntime140.dllall the necessary information.scr, 00000000.00000002.1674384182.000000002B73A000.00000004.00000020.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=IDBAKKEC.0.drfalse
                                		high
                                https://t.me/redall the necessary information.scr, 00000000.00000002.1671633048.000000002A4F0000.00000004.00001000.00020000.00000000.sdmpfalse
                                  		high
                                  http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0all the necessary information.scrfalse
                                    		high
                                    http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0_all the necessary information.scrfalse
                                      		high
                                      https://116.202.183.33:25565/mozglue.dll5all the necessary information.scr, 00000000.00000002.1674384182.000000002B7A3000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://116.202.183.33:25565/freebl3.dll%all the necessary information.scr, 00000000.00000002.1669874156.00000000286C8000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://www.abyssmedia.com/all the necessary information.scrfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://116.202.183.33:25565/bMall the necessary information.scr, 00000000.00000003.1481977492.0000000028769000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://116.202.183.33:25565/(all the necessary information.scr, 00000000.00000003.1481977492.0000000028769000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://116.202.183.33:25565/%all the necessary information.scr, 00000000.00000002.1674384182.000000002B73A000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://www.abyssmedia.com/order.shtml?ref=AudioRetoucheropenSVall the necessary information.scrfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0all the necessary information.scrfalse
                                        		high
                                        https://116.202.183.33:25565x(all the necessary information.scr, 00000000.00000003.1481977492.0000000028772000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		low
                                        https://116.202.183.33:25565/0Qyall the necessary information.scr, 00000000.00000003.1481794496.000000002B760000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        https://t.me/redcarscsp77dMozilla/5.0all the necessary information.scr, 00000000.00000002.1671689348.000000002A510000.00000004.00001000.00020000.00000000.sdmp, all the necessary information.scr, 00000000.00000002.1672973105.000000002A951000.00000040.00001000.00020000.00000000.sdmpfalse
                                          		high
                                          https://116.202.183.33:25565/nss3.dllall the necessary information.scr, 00000000.00000002.1674384182.000000002B768000.00000004.00000020.00020000.00000000.sdmp, all the necessary information.scr, 00000000.00000002.1669874156.0000000028781000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://116.202.183.33:25565/Authorityall the necessary information.scr, 00000000.00000002.1674384182.000000002B73A000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchIDBAKKEC.0.drfalse
                                            		high
                                            https://www.ssl.com/repository0all the necessary information.scrfalse
                                              		high
                                              https://116.202.183.33:25565/nss3.dllCwall the necessary information.scr, 00000000.00000002.1674384182.000000002B768000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://www.abyssmedia.com/audioretoucher/openall the necessary information.scrfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://steamcommunity.com/profiles/76561199577999137sp77dall the necessary information.scr, 00000000.00000002.1671689348.000000002A510000.00000004.00001000.00020000.00000000.sdmp, all the necessary information.scr, 00000000.00000002.1672973105.000000002A951000.00000040.00001000.00020000.00000000.sdmpfalse
                                                		high
                                                https://creativecommons.org/publicdomain/zero/1.0/)all the necessary information.scrfalse
                                                  		high
                                                  https://116.202.183.33:25565/cruntime140.dll~Qall the necessary information.scr, 00000000.00000002.1674384182.000000002B73A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.microsoft.call the necessary information.scr, 00000000.00000003.1430749832.0000000028766000.00000004.00000020.00020000.00000000.sdmp, all the necessary information.scr, 00000000.00000003.1481977492.0000000028781000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://116.202.183.33/all the necessary information.scr, 00000000.00000003.1481977492.0000000028772000.00000004.00000020.00020000.00000000.sdmp, all the necessary information.scr, 00000000.00000002.1669874156.0000000028772000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://116.202.183.33:25565/$tall the necessary information.scr, 00000000.00000002.1674384182.000000002B73A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://116.202.183.33:25565/vcruntime140.dll?Qtall the necessary information.scr, 00000000.00000002.1674384182.000000002B73A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://116.202.183.33:25565/:081.SFall the necessary information.scr, 00000000.00000003.1481794496.000000002B760000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.sqlite.org/copyright.html.all the necessary information.scr, 00000000.00000002.1675739788.000000002BD78000.00000004.00000020.00020000.00000000.sdmp, all the necessary information.scr, 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, sqlite3[1].dll.0.drfalse
                                                    		high
                                                    https://116.202.183.33:25565neall the necessary information.scr, 00000000.00000002.1672973105.000000002A9D7000.00000040.00001000.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		low
                                                    https://116.202.183.33:25565/aall the necessary information.scr, 00000000.00000002.1669874156.00000000286C8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://www.abyssmedia.com/order.shtml?ref=audioretoucheropenall the necessary information.scrfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://www.google.com/images/branding/product/ico/googleg_lodp.icoIDBAKKEC.0.drfalse
                                                      		high
                                                      https://www.abyssmedia.com/audioretoucher/audioretoucher.xmlall the necessary information.scrfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=IDBAKKEC.0.drfalse
                                                        		high
                                                        https://116.202.183.33:25565/msvcp140.dllall the necessary information.scr, 00000000.00000002.1674384182.000000002B7A3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        https://www.ecosia.org/newtab/IDBAKKEC.0.drfalse
                                                          		high
                                                          https://116.202.183.33:25565/softokn3.dllIall the necessary information.scr, 00000000.00000002.1674384182.000000002B7A3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          https://www.abyssmedia.com/downloads/audioretoucher.exeall the necessary information.scrfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          https://116.202.183.33:25565/gall the necessary information.scr, 00000000.00000003.1481866655.000000002879D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          https://116.202.183.33:25565/mozglue.dllall the necessary information.scr, 00000000.00000002.1674384182.000000002B7A3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          http://www.openswatchbook.org/uri/2009/osball the necessary information.scrfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          https://ac.ecosia.org/autocomplete?q=IDBAKKEC.0.drfalse
                                                            		high
                                                            https://116.202.183.33:25565/FHJKFCGIEBGIIJDdQall the necessary information.scr, 00000000.00000002.1674384182.000000002B73A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://crls.ssl.com/ssl.com-rsa-RootCA.crl0all the necessary information.scrfalse
                                                              		high
                                                              http://crls.ssl.com/SSL.com-timeStamping-I-RSA-R1.crl0all the necessary information.scrfalse
                                                                		high
                                                                https://www.abyssmedia.com/pad/getpad.php?pad=all the necessary information.scrfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://116.202.183.33:25565/?Qtall the necessary information.scr, 00000000.00000003.1481794496.000000002B760000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://116.202.183.33:25565all the necessary information.scr, 00000000.00000002.1669874156.0000000028710000.00000004.00000020.00020000.00000000.sdmp, all the necessary information.scr, 00000000.00000002.1672973105.000000002A9D7000.00000040.00001000.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://116.202.183.33:25565/vcruntime140.dlll0Qyall the necessary information.scr, 00000000.00000002.1674384182.000000002B73A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://116.202.183.33:25565/Mall the necessary information.scr, 00000000.00000002.1669874156.000000002879A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.crt0all the necessary information.scrfalse
                                                                  		high
                                                                  https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=IDBAKKEC.0.drfalse
                                                                    		high
                                                                    https://116.202.183.33:25565/Eall the necessary information.scr, 00000000.00000002.1669874156.00000000286C8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    https://116.202.183.33:25565ontent-Disposition:all the necessary information.scr, 00000000.00000002.1672973105.000000002AA15000.00000040.00001000.00020000.00000000.sdmp, all the necessary information.scr, 00000000.00000002.1672973105.000000002A9D7000.00000040.00001000.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		low

                                                                    World Map of Contacted IPs

                                                                    • No. of IPs < 25%
                                                                    • 25% < No. of IPs < 50%
                                                                    • 50% < No. of IPs < 75%
                                                                    • 75% < No. of IPs

                                                                    Public IPs

                                                                    IPDomainCountryFlagASNASN NameMalicious
                                                                    116.202.183.33
                                                                    		unknownGermany
                                                                    		24940HETZNER-ASDEfalse
                                                                    149.154.167.99
                                                                    		t.meUnited Kingdom
                                                                    		62041TELEGRAMRUfalse

                                                                    General Information

                                                                    Joe Sandbox version:38.0.0 Ammolite
                                                                    Analysis ID:1355302
                                                                    Start date and time:2023-12-07 10:48:50 +01:00
                                                                    Joe Sandbox product:CloudBasic
                                                                    Overall analysis duration:0h 10m 43s
                                                                    Hypervisor based Inspection enabled:false
                                                                    Report type:full
                                                                    Cookbook file name:default.jbs
                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                    Number of analysed new started processes analysed:8
                                                                    Number of new started drivers analysed:0
                                                                    Number of existing processes analysed:0
                                                                    Number of existing drivers analysed:0
                                                                    Number of injected processes analysed:0
                                                                    Technologies:
                                                                    • HCA enabled
                                                                    • EGA enabled
                                                                    • AMSI enabled
                                                                    Analysis Mode:default
                                                                    Analysis stop reason:Timeout
                                                                    Sample name:all the necessary information.scr
                                                                    Detection:MAL
                                                                    Classification:mal92.troj.spyw.evad.winSCR@1/11@1/2
                                                                    EGA Information:
                                                                    • Successful, ratio: 100%
                                                                    HCA Information:
                                                                    • Successful, ratio: 93%
                                                                    • Number of executed functions: 13
                                                                    • Number of non-executed functions: 97
                                                                    Cookbook Comments:
                                                                    • Found application associated with file extension: .scr

                                                                    Warnings

                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                    • Excluded IPs from analysis (whitelisted): 23.56.6.35, 23.56.6.27, 72.21.81.240
                                                                    • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, time.windows.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, ocsps.ssl.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net
                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                    • Report size getting too big, too many NtOpenFile calls found.
                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                    • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                    • VT rate limit hit for: all the necessary information.scr

                                                                    Simulations

                                                                    Behavior and APIs

                                                                    No simulations

                                                                    Joe Sandbox View / Context

                                                                    IPs

                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                    116.202.183.33rFnxSwThhn.exeGet hashmaliciousVidarBrowse
                                                                      rFnxSwThhn.exeGet hashmaliciousVidarBrowse
                                                                        dasveed.bin.exeGet hashmaliciousVidarBrowse
                                                                          dasveed.bin.exeGet hashmaliciousVidarBrowse
                                                                            Additional information for Hotel_patched.scrGet hashmaliciousVidarBrowse
                                                                              149.154.167.99jtfCFDmLdX.exeGet hashmaliciousGurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRATBrowse
                                                                              • t.me/cinoshibot
                                                                              vSlVoTPrmP.exeGet hashmaliciousGurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRATBrowse
                                                                              • t.me/cinoshibot
                                                                              RO67OsrIWi.exeGet hashmaliciousGurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRATBrowse
                                                                              • t.me/cinoshibot
                                                                              KeyboardRGB.exeGet hashmaliciousUnknownBrowse
                                                                              • t.me/cinoshibot
                                                                              file.exeGet hashmaliciousCinoshi StealerBrowse
                                                                              • t.me/cinoshibot
                                                                              W6qKnnjMEiGet hashmaliciousAnubisBrowse
                                                                              • t.me/jhzljkhbsdklzjdlkzj281679827sjah
                                                                              snfstBXgxaGet hashmaliciousAnubisBrowse
                                                                              • t.me/cui8txvnmv

                                                                              Domains

                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                              t.merFnxSwThhn.exeGet hashmaliciousVidarBrowse
                                                                              • 149.154.167.99
                                                                              rFnxSwThhn.exeGet hashmaliciousVidarBrowse
                                                                              • 149.154.167.99
                                                                              dasveed.bin.exeGet hashmaliciousVidarBrowse
                                                                              • 149.154.167.99
                                                                              dasveed.bin.exeGet hashmaliciousVidarBrowse
                                                                              • 149.154.167.99
                                                                              Additional information for Hotel_patched.scrGet hashmaliciousVidarBrowse
                                                                              • 149.154.167.99
                                                                              CijE923xjU.exeGet hashmaliciousVidarBrowse
                                                                              • 149.154.167.99
                                                                              Wishes for our journey December 2023.scrGet hashmaliciousVidarBrowse
                                                                              • 149.154.167.99
                                                                              UYUuh7vsdN.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, RedLine, SmokeLoader, VidarBrowse
                                                                              • 149.154.167.99
                                                                              Aaca8T1ZJ5.exeGet hashmaliciousBabuk, Djvu, RedLine, SmokeLoader, VidarBrowse
                                                                              • 149.154.167.99
                                                                              O7Bptb2MyD.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, RedLine, SmokeLoader, VidarBrowse
                                                                              • 149.154.167.99
                                                                              s6n00Z3C86.exeGet hashmaliciousBabuk, Clipboard Hijacker, DCRat, Djvu, RedLine, SmokeLoader, zgRATBrowse
                                                                              • 149.154.167.99
                                                                              JYAtBufpV4.exeGet hashmaliciousDCRat, Djvu, RedLine, SmokeLoader, zgRATBrowse
                                                                              • 149.154.167.99
                                                                              jDmQ0fSgg6.exeGet hashmaliciousVidarBrowse
                                                                              • 149.154.167.99
                                                                              CSSHJQpPTD.exeGet hashmaliciousBabuk, Djvu, RedLine, SmokeLoader, VidarBrowse
                                                                              • 149.154.167.99
                                                                              JgFgdY52fi.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, RedLine, SmokeLoader, VidarBrowse
                                                                              • 149.154.167.99
                                                                              A7yXv6oIkf.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, RedLine, SmokeLoader, VidarBrowse
                                                                              • 149.154.167.99
                                                                              8PCIN6uOoT.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, RedLine, SmokeLoader, VidarBrowse
                                                                              • 149.154.167.99
                                                                              6WdbGOiF8C.exeGet hashmaliciousVidarBrowse
                                                                              • 149.154.167.99
                                                                              sC46xlBFod.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, RedLine, SmokeLoader, VidarBrowse
                                                                              • 149.154.167.99

                                                                              ASNs

                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                              TELEGRAMRUT36tj08DWE.exeGet hashmaliciousAgentTeslaBrowse
                                                                              • 149.154.167.220
                                                                              Banco_BPM_Payment__Receipt.bat.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                              • 149.154.167.220
                                                                              Hesap_Hareketleri_SUN_BAGLANTI__ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exeGet hashmaliciousAgentTeslaBrowse
                                                                              • 149.154.167.220
                                                                              AYF00675.lnkGet hashmaliciousAgentTesla, MalLnkBrowse
                                                                              • 149.154.167.220
                                                                              rFnxSwThhn.exeGet hashmaliciousVidarBrowse
                                                                              • 149.154.167.99
                                                                              oNXjXql2k2.exeGet hashmaliciousGhost StealerBrowse
                                                                              • 149.154.167.220
                                                                              rFnxSwThhn.exeGet hashmaliciousVidarBrowse
                                                                              • 149.154.167.99
                                                                              PAYMENT_INVOICE.BAT.exeGet hashmaliciousAgentTeslaBrowse
                                                                              • 149.154.167.220
                                                                              dasveed.bin.exeGet hashmaliciousVidarBrowse
                                                                              • 149.154.167.99
                                                                              dasveed.bin.exeGet hashmaliciousVidarBrowse
                                                                              • 149.154.167.99
                                                                              Additional information for Hotel_patched.scrGet hashmaliciousVidarBrowse
                                                                              • 149.154.167.99
                                                                              t6oXov842L.exeGet hashmaliciousAgartha ClipperBrowse
                                                                              • 149.154.167.220
                                                                              Seed_Phrase_Bruter___checker.exeGet hashmaliciousAgentTesla, MicroClip, VidarBrowse
                                                                              • 149.154.167.220
                                                                              df.exeGet hashmaliciousBlank GrabberBrowse
                                                                              • 149.154.167.220
                                                                              57.exeGet hashmaliciousBlank GrabberBrowse
                                                                              • 149.154.167.220
                                                                              1e.exeGet hashmaliciousBlank GrabberBrowse
                                                                              • 149.154.167.220
                                                                              africpiou.exeGet hashmaliciousAgentTeslaBrowse
                                                                              • 149.154.167.220
                                                                              G7LoJUbSv4.exeGet hashmaliciousAgentTeslaBrowse
                                                                              • 149.154.167.220
                                                                              LAM_CHUAN_Q710901.pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                              • 149.154.167.220
                                                                              CijE923xjU.exeGet hashmaliciousVidarBrowse
                                                                              • 149.154.167.99
                                                                              HETZNER-ASDEhttps://p.feedblitz.com/t3.asp?/1081591/102442729/7821567_/~feeds.feedblitz.com/~/t/0/0/sethsblog/posts/~//jorefco.com/wp-content/ghff/nhrhg/c29sdXRpb25jZW50ZXJAbmF0aW9uYWxtaS5jb20=Get hashmaliciousHTMLPhisherBrowse
                                                                              • 95.216.28.234
                                                                              file.exeGet hashmaliciousGlupteba, LummaC Stealer, Petite Virus, SmokeLoader, Socks5SystemzBrowse
                                                                              • 95.216.227.177
                                                                              New_Order.exeGet hashmaliciousAgentTeslaBrowse
                                                                              • 5.9.154.209
                                                                              PGHPC-10-0033-FZB-001_I.exeGet hashmaliciousFormBook, NSISDropperBrowse
                                                                              • 95.216.242.245
                                                                              file.exeGet hashmaliciousGlupteba, LummaC Stealer, Petite Virus, SmokeLoader, Socks5SystemzBrowse
                                                                              • 95.216.227.177
                                                                              file.exeGet hashmaliciousGlupteba, LummaC Stealer, Petite Virus, SmokeLoader, Socks5SystemzBrowse
                                                                              • 95.216.227.177
                                                                              file.exeGet hashmaliciousGlupteba, LummaC Stealer, Petite Virus, SmokeLoader, Socks5SystemzBrowse
                                                                              • 95.216.227.177
                                                                              file.exeGet hashmaliciousGlupteba, LummaC Stealer, Petite Virus, SmokeLoader, Socks5SystemzBrowse
                                                                              • 95.216.227.177
                                                                              3DmdxH8ksO.exeGet hashmaliciousLummaC Stealer, PrivateLoader, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoaderBrowse
                                                                              • 144.76.136.153
                                                                              file.exeGet hashmaliciousGlupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Socks5Systemz, zgRATBrowse
                                                                              • 95.216.227.177
                                                                              DjZ61wINTx.exeGet hashmaliciousLummaC Stealer, PrivateLoader, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader, XmrigBrowse
                                                                              • 144.76.136.153
                                                                              file.exeGet hashmaliciousGlupteba, Petite Virus, RedLine, SmokeLoader, Socks5Systemz, zgRATBrowse
                                                                              • 95.216.227.177
                                                                              file.exeGet hashmaliciousGlupteba, Petite Virus, SmokeLoader, Socks5SystemzBrowse
                                                                              • 95.216.227.177
                                                                              https://www.agfax.com/2023/12/05/usda-releases-map-showing-areas-approved-for-its-broadband-connection-program/Get hashmaliciousUnknownBrowse
                                                                              • 136.243.216.235
                                                                              file.exeGet hashmaliciousGlupteba, Petite Virus, SmokeLoader, Socks5SystemzBrowse
                                                                              • 95.216.227.177
                                                                              file.exeGet hashmaliciousGlupteba, LummaC Stealer, Petite Virus, SmokeLoader, Socks5SystemzBrowse
                                                                              • 95.216.227.177
                                                                              https://zytechsolutions.com/client-support/Get hashmaliciousUnknownBrowse
                                                                              • 136.243.216.235
                                                                              CPT3DXkMQL.exeGet hashmaliciousPetite Virus, Socks5SystemzBrowse
                                                                              • 95.216.227.177
                                                                              1Ss2i9054R.exeGet hashmaliciousRedLine, SectopRAT, zgRATBrowse
                                                                              • 94.130.51.115
                                                                              rFnxSwThhn.exeGet hashmaliciousVidarBrowse
                                                                              • 116.202.183.33

                                                                              JA3 Fingerprints

                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                              37f463bf4616ecd445d4a1937da06e190442.pdf.exeGet hashmaliciousUnknownBrowse
                                                                              • 149.154.167.99
                                                                              0442.pdf.exeGet hashmaliciousUnknownBrowse
                                                                              • 149.154.167.99
                                                                              AW7nbF91QE.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                              • 149.154.167.99
                                                                              Debt-Payment_paper.jsGet hashmaliciousUnknownBrowse
                                                                              • 149.154.167.99
                                                                              Debt-Payment_paper.jsGet hashmaliciousUnknownBrowse
                                                                              • 149.154.167.99
                                                                              Zam#U00f3wienie.ZD33166.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                              • 149.154.167.99
                                                                              nota-gerada-53629915-21195409175.htmlGet hashmaliciousUnknownBrowse
                                                                              • 149.154.167.99
                                                                              iguufjAqnn.exeGet hashmaliciousNetSupport RAT, LummaC StealerBrowse
                                                                              • 149.154.167.99
                                                                              fNEOQV1Qo2.exeGet hashmaliciousNetSupport RAT, LummaC StealerBrowse
                                                                              • 149.154.167.99
                                                                              Techspan Statement.xlsmGet hashmaliciousUnknownBrowse
                                                                              • 149.154.167.99
                                                                              rFnxSwThhn.exeGet hashmaliciousVidarBrowse
                                                                              • 149.154.167.99
                                                                              rFnxSwThhn.exeGet hashmaliciousVidarBrowse
                                                                              • 149.154.167.99
                                                                              setup.exeGet hashmaliciousUnknownBrowse
                                                                              • 149.154.167.99
                                                                              nota-emitida-71515474-50633616729.htmlGet hashmaliciousUnknownBrowse
                                                                              • 149.154.167.99
                                                                              Liquidacion_por_Factorizcion_de_Creditos.exeGet hashmaliciousGuLoaderBrowse
                                                                              • 149.154.167.99
                                                                              Shipping_doc.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                              • 149.154.167.99
                                                                              ZmWSzgevgt.exeGet hashmaliciousNetSupport RAT, LummaC StealerBrowse
                                                                              • 149.154.167.99
                                                                              dasveed.bin.exeGet hashmaliciousVidarBrowse
                                                                              • 149.154.167.99
                                                                              ZmWSzgevgt.exeGet hashmaliciousNetSupport RAT, LummaC StealerBrowse
                                                                              • 149.154.167.99
                                                                              dasveed.bin.exeGet hashmaliciousVidarBrowse
                                                                              • 149.154.167.99

                                                                              Dropped Files

                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\sqlite3[1].dllrFnxSwThhn.exeGet hashmaliciousVidarBrowse
                                                                                rFnxSwThhn.exeGet hashmaliciousVidarBrowse
                                                                                  dasveed.bin.exeGet hashmaliciousVidarBrowse
                                                                                    dasveed.bin.exeGet hashmaliciousVidarBrowse
                                                                                      Additional information for Hotel_patched.scrGet hashmaliciousVidarBrowse
                                                                                        Wishes for our journey December 2023.scrGet hashmaliciousVidarBrowse
                                                                                          UYUuh7vsdN.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, RedLine, SmokeLoader, VidarBrowse
                                                                                            Aaca8T1ZJ5.exeGet hashmaliciousBabuk, Djvu, RedLine, SmokeLoader, VidarBrowse
                                                                                              O7Bptb2MyD.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, RedLine, SmokeLoader, VidarBrowse
                                                                                                s6n00Z3C86.exeGet hashmaliciousBabuk, Clipboard Hijacker, DCRat, Djvu, RedLine, SmokeLoader, zgRATBrowse
                                                                                                  JYAtBufpV4.exeGet hashmaliciousDCRat, Djvu, RedLine, SmokeLoader, zgRATBrowse
                                                                                                    CSSHJQpPTD.exeGet hashmaliciousBabuk, Djvu, RedLine, SmokeLoader, VidarBrowse
                                                                                                      JgFgdY52fi.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, RedLine, SmokeLoader, VidarBrowse
                                                                                                        A7yXv6oIkf.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, RedLine, SmokeLoader, VidarBrowse
                                                                                                          8PCIN6uOoT.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, RedLine, SmokeLoader, VidarBrowse
                                                                                                            6WdbGOiF8C.exeGet hashmaliciousVidarBrowse
                                                                                                              sC46xlBFod.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, RedLine, SmokeLoader, VidarBrowse
                                                                                                                file.exeGet hashmaliciousGlupteba, Petite Virus, Socks5Systemz, VidarBrowse
                                                                                                                  file.exeGet hashmaliciousGlupteba, Petite Virus, Socks5Systemz, VidarBrowse
                                                                                                                    file.exeGet hashmaliciousVidarBrowse

                                                                                                                      Created / dropped Files

                                                                                                                      C:\ProgramData\AKFIDHDGIEGCAKFIIJKF

                                                                                                                      Download File
                                                                                                                      Process:C:\Users\user\Desktop\all the necessary information.scr
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):40960
                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                      Malicious:false
                                                                                                                      Reputation:high, very likely benign file
                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                      C:\ProgramData\BGHCGCAE

                                                                                                                      Download File
                                                                                                                      Process:C:\Users\user\Desktop\all the necessary information.scr
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):155648
                                                                                                                      Entropy (8bit):0.5407252242845243
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                      MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                      SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                      SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                      SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                      Malicious:false
                                                                                                                      Reputation:moderate, very likely benign file
                                                                                                                      Preview:SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                      C:\ProgramData\FCAAEHJDBKJJKFHJEBKFBGDAAE

                                                                                                                      Download File
                                                                                                                      Process:C:\Users\user\Desktop\all the necessary information.scr
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.6732424250451717
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                      MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                      SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                      SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                      SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                      Malicious:false
                                                                                                                      Reputation:moderate, very likely benign file
                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                      C:\ProgramData\HCAFIJDGHCBFHJKFCGIEBGIIJD

                                                                                                                      Download File
                                                                                                                      Process:C:\Users\user\Desktop\all the necessary information.scr
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.848598812124929
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:24:TLVF1kwNbXYFpFNYcw+6UwcQVXH5fBODYfOg1ZAJFF0DiUhQ5de5SjhXE1:ThFawNLopFgU10XJBODqzqFF0DYde5P
                                                                                                                      MD5:9664DAA86F8917816B588C715D97BE07
                                                                                                                      SHA1:FAD9771763CD861ED8F3A57004C4B371422B7761
                                                                                                                      SHA-256:8FED359D88F0588829BA60D236269B2528742F7F66DF3ACF22B32B8F883FE785
                                                                                                                      SHA-512:E551D5CC3D5709EE00F85BB92A25DDC96112A4357DFEA3D859559D47DB30FEBD2FD36BDFA2BEC6DCA63D3E233996E9FCD2237F92CEE5B32BA8D7F2E1913B2DA9
                                                                                                                      Malicious:false
                                                                                                                      Reputation:moderate, very likely benign file
                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                      C:\ProgramData\IDBAKKEC

                                                                                                                      Download File
                                                                                                                      Process:C:\Users\user\Desktop\all the necessary information.scr
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):106496
                                                                                                                      Entropy (8bit):1.137181696973627
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                                                                      MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                                                                      SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                                                                      SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                                                                      SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                                                                      Malicious:false
                                                                                                                      Reputation:moderate, very likely benign file
                                                                                                                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                      C:\ProgramData\IIJKJDAF

                                                                                                                      Download File
                                                                                                                      Process:C:\Users\user\Desktop\all the necessary information.scr
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):159744
                                                                                                                      Entropy (8bit):0.5394293526345721
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                      MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                      SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                      SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                      SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                      Malicious:false
                                                                                                                      Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                      C:\ProgramData\KJEHCGDB

                                                                                                                      Download File
                                                                                                                      Process:C:\Users\user\Desktop\all the necessary information.scr
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):196608
                                                                                                                      Entropy (8bit):1.1215420383712111
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                                                                      MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                                                                      SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                                                                      SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                                                                      SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                                                                      Malicious:false
                                                                                                                      Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                      C:\ProgramData\KJJJJDHIDBGHIDHIDAFB

                                                                                                                      Download File
                                                                                                                      Process:C:\Users\user\Desktop\all the necessary information.scr
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):51200
                                                                                                                      Entropy (8bit):0.8746135976761988
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                      MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                      SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                      SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                      SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                      Malicious:false
                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                                                                                                                      Download File
                                                                                                                      Process:C:\Users\user\Desktop\all the necessary information.scr
                                                                                                                      File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 66791 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):66791
                                                                                                                      Entropy (8bit):7.995531727155867
                                                                                                                      Encrypted:true
                                                                                                                      SSDEEP:1536:drFvD2YSE/sFDqV0FJJynkAhftCvMd3coa282frgW1qgNzU:drVDJSeaDqV0FJwLhVkr282fF5U
                                                                                                                      MD5:AC05D27423A85ADC1622C714F2CB6184
                                                                                                                      SHA1:B0FE2B1ABDDB97837EA0195BE70AB2FF14D43198
                                                                                                                      SHA-256:C6456E12E5E53287A547AF4103E0397CB9697E466CF75844312DC296D43D144D
                                                                                                                      SHA-512:6D0EF9050E41FBAE680E0E59DD0F90B6AC7FEA5579EF5708B69D5DA33A0ECE7E8B16574B58B17B64A34CC34A4FFC22B4A62C1ECE61F36C4A11A0665E0536B90D
                                                                                                                      Malicious:false
                                                                                                                      Preview:MSCF............,...................I.................gW.e .authroot.stl..u/1.5..CK..<Tk...p.k:..c.Y:.(Qc...%Y.f_...$..DHn..6i/.]....-!QQ*..}f..f...}..1....9.......pN..mI.a.....!...N.....xP.f6..C.'#.c.@GN(3.<3.......9...('3...l.l....B..x..e...UWFU.TT.l.L...._.l1......w.\..Xb.v..Q......pKP.....M`.Y......Op4=.(=P.e...p.(U.....z7MF..O......V2.....#...pj...z.!...wQ...V&.Gz..Nv.4..y(J...A..':.2Q.^u.y..<.1..2..o........H.D.S.....62.| w(...B.......h.QZ..'....l.<....6..Z...p?... .pT.......l..S..K....FT?.....p..`.&..y..."T=l.n..egf.w..X.Y...G.m....=.}cO.7.....9....o..:.Y=.-.5....ud.J&.]..*Q..._<.S....{a.=.n...PT.Um).| kpyA....h.PXY.>.......^2U...H.....V<\...k..~....H..p...8..'..?...r>.4..!u......1\.`.<.+..n..p..]...).....L.g....#.<..c]R.U."\i.Z.>...`Q..g6....0.......F.........N.s.Z..A........m.^....a_..>v.-.mk...wt.n.:...>S..;....1...j.+m.&S......$.T...i.B=h.n...c.!e.....Y.#..bw.}...d.. ..w... .&..w.9..}k...\...=....{q.Up..y;..7.-.K.'.....

                                                                                                                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                                                                                                                      Download File
                                                                                                                      Process:C:\Users\user\Desktop\all the necessary information.scr
                                                                                                                      File Type:data
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):330
                                                                                                                      Entropy (8bit):3.122510181921535
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:6:kKC0osurN+SkQlPlEGYRMY9z+4KlDA3RUeWc3l0:VPkPlE99SNxAhUeWcC
                                                                                                                      MD5:E2E0182FFF9EB804885D828B1C49346F
                                                                                                                      SHA1:2DC00EA8F33EDD6C950C0936BE34E3B1C2CB6C65
                                                                                                                      SHA-256:554D29D993DCD9CA6F56C34EF9C3E4271270C97BB3A0CFA648CFF28D9596ECEE
                                                                                                                      SHA-512:96754A43CCABFAC7AEA3CB8A3D3D64241BF78847D554EE26FD726B7FC07A96B29ED4C27C0A4D0F2E288F7A42878FC1310B83025BBDBE87436AFEA36522A24CB3
                                                                                                                      Malicious:false
                                                                                                                      Preview:p...... .........N...(..(....................................................... ..........H"......(...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".3.f.e.4.e.6.1.a.4.8.2.2.d.a.1.:.0."...

                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\sqlite3[1].dll

                                                                                                                      Download File
                                                                                                                      Process:C:\Users\user\Desktop\all the necessary information.scr
                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1106998
                                                                                                                      Entropy (8bit):6.500333177860392
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12288:dxylSMUMifofI9ayCvcZMBiMjCodEMdo8R66tCWko5+jsbFcoYuprzpGSgGSrz:d4AMB3caSZMijBI1CWkoj5auF5gGSrz
                                                                                                                      MD5:1F44D4D3087C2B202CF9C90EE9D04B0F
                                                                                                                      SHA1:106A3EBC9E39AB6DDB3FF987EFB6527C956F192D
                                                                                                                      SHA-256:4841020C8BD06B08FDE6E44CBE2E2AB33439E1C8368E936EC5B00DC0584F7260
                                                                                                                      SHA-512:B614C72A3C1CE681EBFFA628E29AA50275CC80CA9267380960C5198EA4D0A3F2DF6CFB7275491D220BAD72F14FC94E6656501E9A061D102FB11E00CFDA2BEB45
                                                                                                                      Malicious:false
                                                                                                                      Antivirus:
                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                      Joe Sandbox View:
                                                                                                                      • Filename: rFnxSwThhn.exe, Detection: malicious, Browse
                                                                                                                      • Filename: rFnxSwThhn.exe, Detection: malicious, Browse
                                                                                                                      • Filename: dasveed.bin.exe, Detection: malicious, Browse
                                                                                                                      • Filename: dasveed.bin.exe, Detection: malicious, Browse
                                                                                                                      • Filename: Additional information for Hotel_patched.scr, Detection: malicious, Browse
                                                                                                                      • Filename: Wishes for our journey December 2023.scr, Detection: malicious, Browse
                                                                                                                      • Filename: UYUuh7vsdN.exe, Detection: malicious, Browse
                                                                                                                      • Filename: Aaca8T1ZJ5.exe, Detection: malicious, Browse
                                                                                                                      • Filename: O7Bptb2MyD.exe, Detection: malicious, Browse
                                                                                                                      • Filename: s6n00Z3C86.exe, Detection: malicious, Browse
                                                                                                                      • Filename: JYAtBufpV4.exe, Detection: malicious, Browse
                                                                                                                      • Filename: CSSHJQpPTD.exe, Detection: malicious, Browse
                                                                                                                      • Filename: JgFgdY52fi.exe, Detection: malicious, Browse
                                                                                                                      • Filename: A7yXv6oIkf.exe, Detection: malicious, Browse
                                                                                                                      • Filename: 8PCIN6uOoT.exe, Detection: malicious, Browse
                                                                                                                      • Filename: 6WdbGOiF8C.exe, Detection: malicious, Browse
                                                                                                                      • Filename: sC46xlBFod.exe, Detection: malicious, Browse
                                                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......c...........!.....&...................@.....a.........................0.......:........ ..........................*...........0.......................@...<........................... .......................................................text....%.......&..................`.P`.data...|'...@...(...,..............@.`..rdata..pD...p...F...T..............@.`@.bss....(.............................`..edata...*.......,..................@.0@.idata..............................@.0..CRT....,...........................@.0..tls.... .... ......................@.0..rsrc........0......................@.0..reloc...<...@...>..................@.0B/4......8...........................@.@B/19.....R............"..............@..B/31.....]'...`...(..................@..B/45......-..........................@..B/57.....\............B..............@.0B/70.....#............N..

                                                                                                                      Static File Info

                                                                                                                      General

                                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                      Entropy (8bit):0.06306709718317198
                                                                                                                      TrID:
                                                                                                                      • Win32 Executable (generic) a (10002005/4) 99.53%
                                                                                                                      • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
                                                                                                                      • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                                                      File name:all the necessary information.scr
                                                                                                                      File size:672'236'584 bytes
                                                                                                                      MD5:df5ac38d7bc0233a2775fe6a54db880a
                                                                                                                      SHA1:b5e261d8e49ce7f6170e270de1a1f875333dfdca
                                                                                                                      SHA256:99e11573d54e8379e7fc2d5b2233764cef0b4f6a910ddca9df64e8aa09c3822c
                                                                                                                      SHA512:ed05aadb081f652b0baa70d7040414c83d8d76098de7f8ffdc4bf1408974210de340e57d8170898187b0cc53e5bcb0822a7544d8d3dcdc85b554e93990bc4c9a
                                                                                                                      SSDEEP:
                                                                                                                      TLSH:
                                                                                                                      File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

                                                                                                                      File Icon

                                                                                                                      Icon Hash:c0829ac38383c282

                                                                                                                      Static PE Info

                                                                                                                      General

                                                                                                                      Entrypoint:0x632c7c
                                                                                                                      Entrypoint Section:.itext
                                                                                                                      Digitally signed:true
                                                                                                                      Imagebase:0x400000
                                                                                                                      Subsystem:windows gui
                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                                                      DLL Characteristics:
                                                                                                                      Time Stamp:0x63BD024C [Tue Jan 10 06:14:36 2023 UTC]
                                                                                                                      TLS Callbacks:
                                                                                                                      CLR (.Net) Version:
                                                                                                                      OS Version Major:5
                                                                                                                      OS Version Minor:0
                                                                                                                      File Version Major:5
                                                                                                                      File Version Minor:0
                                                                                                                      Subsystem Version Major:5
                                                                                                                      Subsystem Version Minor:0
                                                                                                                      Import Hash:97e5e1db7798516087c846489f89ffe5

                                                                                                                      Authenticode Signature

                                                                                                                      Signature Valid:true
                                                                                                                      Signature Issuer:CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US
                                                                                                                      Signature Validation Error:The operation completed successfully
                                                                                                                      Error Number:0
                                                                                                                      Not Before, Not After
                                                                                                                      • 30/11/2023 15:12:45 29/11/2024 15:12:45
                                                                                                                      Subject Chain
                                                                                                                      • OID.1.3.6.1.4.1.311.60.2.1.3=CA, OID.2.5.4.15=Private Organization, CN=Quantum Hvac System Inc., SERIALNUMBER=1148186-0, O=Quantum Hvac System Inc., L=Mississauga, S=Ontario, C=CA
                                                                                                                      Version:3
                                                                                                                      Thumbprint MD5:7B5EA8EFB73306D627D24B36C0CBC4D2
                                                                                                                      Thumbprint SHA-1:19EAC81D0A494A744919E6C6A6FA13ACFF2EAA20
                                                                                                                      Thumbprint SHA-256:C7A7E6CEC05058FFFD6CF2DE587C477F1C1CC10EEC5AB2DA0771CA026136CC42
                                                                                                                      Serial:46797C9105E4F2C666FAD1374B65A5B4

                                                                                                                      Entrypoint Preview

                                                                                                                      Instruction
                                                                                                                      push ebp
                                                                                                                      mov ebp, esp
                                                                                                                      add esp, FFFFFFF0h
                                                                                                                      push ebx
                                                                                                                      mov eax, 00625E54h
                                                                                                                      call 00007F0935163FDCh
                                                                                                                      mov ebx, dword ptr [0063E7D4h]
                                                                                                                      mov eax, dword ptr [ebx]
                                                                                                                      call 00007F09352CFF63h
                                                                                                                      mov eax, dword ptr [ebx]
                                                                                                                      mov edx, 00632CF8h
                                                                                                                      call 00007F09352CF907h
                                                                                                                      mov ecx, dword ptr [0063E338h]
                                                                                                                      mov eax, dword ptr [ebx]
                                                                                                                      mov edx, dword ptr [0062106Ch]
                                                                                                                      call 00007F093534CCFCh
                                                                                                                      mov ecx, dword ptr [0063EA8Ch]
                                                                                                                      mov eax, dword ptr [ebx]
                                                                                                                      mov edx, dword ptr [0061C7F0h]
                                                                                                                      call 00007F09352CFF49h
                                                                                                                      mov ecx, dword ptr [0063E664h]
                                                                                                                      mov eax, dword ptr [ebx]
                                                                                                                      mov edx, dword ptr [00620A8Ch]
                                                                                                                      call 00007F09352CFF36h
                                                                                                                      mov eax, dword ptr [ebx]
                                                                                                                      call 00007F09352D0093h
                                                                                                                      pop ebx
                                                                                                                      call 00007F093515FABDh
                                                                                                                      mov al, 04h
                                                                                                                      add al, byte ptr [eax]

                                                                                                                      Data Directories

                                                                                                                      NameVirtual AddressVirtual Size Is in Section
                                                                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x24c0000x5f.edata
                                                                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x2450000x3d9a.idata
                                                                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x2840000x24b58.rsrc
                                                                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x281164000x2028Earqtput
                                                                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x24f0000x343a0.reloc
                                                                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x24e0180xf.rdata
                                                                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                      IMAGE_DIRECTORY_ENTRY_TLS0x24e0000x18.rdata
                                                                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                      IMAGE_DIRECTORY_ENTRY_IAT0x245b980x97c.idata
                                                                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x2490000x2b16.didata
                                                                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                      Sections

                                                                                                                      NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                      .text0x10000x22d0b40x22d200unknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                      .itext0x22f0000x3d180x3e00False0.33001512096774194data5.22295322660833IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                      .data0x2330000xbaec0xbc00False0.5940616688829787data6.729262238376971IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                      .bss0x23f0000x5c080x0False0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                      .idata0x2450000x3d9a0x3e00False0.31111391129032256COFF DSP21k relocatable object, not stripped5.08913218885617IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                      .didata0x2490000x2b160x2c00False0.2736150568181818data4.848948061088015IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                      .edata0x24c0000x5f0x200False0.166015625data1.1055216092643714IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                      .tls0x24d0000x400x0False0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                      .rdata0x24e0000x270x200False0.083984375data0.47299244622245973IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                      .reloc0x24f0000x343a00x34400False0.548360870215311data6.697707018943598IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                                                                      .rsrc0x2840000x24b580x24c00False0.27337106717687076data5.6962365217304IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                      Earqtput0x2a90000x27e796000x27e79600unknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

                                                                                                                      Resources

                                                                                                                      NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                      RT_CURSOR0x284d7c0x134Targa image data - Map 64 x 65536 x 1 +32 "\001"EnglishUnited States0.38636363636363635
                                                                                                                      RT_CURSOR0x284eb00x134dataEnglishUnited States0.4642857142857143
                                                                                                                      RT_CURSOR0x284fe40x134dataEnglishUnited States0.4805194805194805
                                                                                                                      RT_CURSOR0x2851180x134dataEnglishUnited States0.38311688311688313
                                                                                                                      RT_CURSOR0x28524c0x134dataEnglishUnited States0.36038961038961037
                                                                                                                      RT_CURSOR0x2853800x134dataEnglishUnited States0.4090909090909091
                                                                                                                      RT_CURSOR0x2854b40x134Targa image data - RGB 64 x 65536 x 1 +32 "\001"EnglishUnited States0.4967532467532468
                                                                                                                      RT_BITMAP0x2855e80x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 360EnglishUnited States0.43103448275862066
                                                                                                                      RT_BITMAP0x2857b80x1e4Device independent bitmap graphic, 36 x 19 x 4, image size 380EnglishUnited States0.46487603305785125
                                                                                                                      RT_BITMAP0x28599c0x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 360EnglishUnited States0.43103448275862066
                                                                                                                      RT_BITMAP0x285b6c0x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 360EnglishUnited States0.39870689655172414
                                                                                                                      RT_BITMAP0x285d3c0x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 360EnglishUnited States0.4245689655172414
                                                                                                                      RT_BITMAP0x285f0c0x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 360EnglishUnited States0.5021551724137931
                                                                                                                      RT_BITMAP0x2860dc0x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 360EnglishUnited States0.5064655172413793
                                                                                                                      RT_BITMAP0x2862ac0x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 360EnglishUnited States0.39655172413793105
                                                                                                                      RT_BITMAP0x28647c0x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 360EnglishUnited States0.5344827586206896
                                                                                                                      RT_BITMAP0x28664c0x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 360EnglishUnited States0.39655172413793105
                                                                                                                      RT_ICON0x28681c0x988Device independent bitmap graphic, 24 x 48 x 32, image size 23040.3516393442622951
                                                                                                                      RT_STRING0x2871a40x4f0data0.3662974683544304
                                                                                                                      RT_STRING0x2876940xb70data0.22848360655737704
                                                                                                                      RT_STRING0x2882040x334data0.3780487804878049
                                                                                                                      RT_STRING0x2885380x2e8data0.44489247311827956
                                                                                                                      RT_STRING0x2888200x4a0data0.375
                                                                                                                      RT_STRING0x288cc00x3f0data0.37797619047619047
                                                                                                                      RT_STRING0x2890b00x3e0data0.40725806451612906
                                                                                                                      RT_STRING0x2894900xa0data0.7
                                                                                                                      RT_STRING0x2895300xe0data0.6473214285714286
                                                                                                                      RT_STRING0x2896100x110data0.625
                                                                                                                      RT_STRING0x2897200x40cdata0.39864864864864863
                                                                                                                      RT_STRING0x289b2c0x3f8data0.36515748031496065
                                                                                                                      RT_STRING0x289f240x408data0.29941860465116277
                                                                                                                      RT_STRING0x28a32c0x37cdata0.4327354260089686
                                                                                                                      RT_STRING0x28a6a80x424data0.3613207547169811
                                                                                                                      RT_STRING0x28aacc0x388data0.3938053097345133
                                                                                                                      RT_STRING0x28ae540x394data0.33624454148471616
                                                                                                                      RT_STRING0x28b1e80x330data0.4007352941176471
                                                                                                                      RT_STRING0x28b5180xc4data0.6173469387755102
                                                                                                                      RT_STRING0x28b5dc0x9cdata0.6346153846153846
                                                                                                                      RT_STRING0x28b6780x328data0.45173267326732675
                                                                                                                      RT_STRING0x28b9a00x3a8data0.3173076923076923
                                                                                                                      RT_STRING0x28bd480x38cdata0.3876651982378855
                                                                                                                      RT_STRING0x28c0d40x2f4data0.39814814814814814
                                                                                                                      RT_RCDATA0x28c3c80x20data1.09375
                                                                                                                      RT_RCDATA0x28c3e80x10data1.5
                                                                                                                      RT_RCDATA0x28c3f80x984data0.5476190476190477
                                                                                                                      RT_RCDATA0x28cd7c0x2dataEnglishUnited States5.0
                                                                                                                      RT_RCDATA0x28cd800x5a55Delphi compiled form 'TAboutForm'0.3458162162162162
                                                                                                                      RT_RCDATA0x2927d80x129d3Delphi compiled form 'TPlayerForm'0.2448880552968797
                                                                                                                      RT_RCDATA0x2a51ac0x2f5Delphi compiled form 'Tprogressform'0.5772787318361955
                                                                                                                      RT_RCDATA0x2a54a40x2b86Delphi compiled form 'TregisterForm'0.307305690181296
                                                                                                                      RT_GROUP_CURSOR0x2a802c0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.25
                                                                                                                      RT_GROUP_CURSOR0x2a80400x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.25
                                                                                                                      RT_GROUP_CURSOR0x2a80540x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                      RT_GROUP_CURSOR0x2a80680x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                      RT_GROUP_CURSOR0x2a807c0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                      RT_GROUP_CURSOR0x2a80900x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                      RT_GROUP_CURSOR0x2a80a40x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                      RT_GROUP_ICON0x2a80b80x14data1.1
                                                                                                                      RT_VERSION0x2a80cc0x204dataEnglishUnited States0.5174418604651163
                                                                                                                      RT_MANIFEST0x2a82d00x887XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.33852496564360973

                                                                                                                      Imports

                                                                                                                      DLLImport
                                                                                                                      oleaut32.dllSysFreeString, SysReAllocStringLen, SysAllocStringLen
                                                                                                                      advapi32.dllRegQueryValueExW, RegOpenKeyExW, RegCloseKey
                                                                                                                      user32.dllMessageBoxA, CharNextW, LoadStringW
                                                                                                                      kernel32.dllSleep, VirtualFree, VirtualAlloc, lstrlenW, VirtualQuery, QueryPerformanceCounter, GetTickCount, GetSystemInfo, GetVersion, CompareStringW, IsValidLocale, SetThreadLocale, GetSystemDefaultUILanguage, GetUserDefaultUILanguage, GetLocaleInfoW, WideCharToMultiByte, MultiByteToWideChar, GetACP, LoadLibraryExW, GetStartupInfoW, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetCommandLineW, FreeLibrary, GetLastError, UnhandledExceptionFilter, RtlUnwind, RaiseException, ExitProcess, ExitThread, SwitchToThread, GetCurrentThreadId, CreateThread, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, FindFirstFileW, FindClose, WriteFile, GetStdHandle, CloseHandle
                                                                                                                      kernel32.dllGetProcAddress, RaiseException, LoadLibraryA, GetLastError, TlsSetValue, TlsGetValue, LocalFree, LocalAlloc, GetModuleHandleW, FreeLibrary
                                                                                                                      user32.dllSetClassLongW, GetClassLongW, SetWindowLongW, GetWindowLongW, CreateWindowExW, WindowFromPoint, WaitMessage, UpdateWindow, UnregisterClassW, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoW, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCaret, SetWindowRgn, SetWindowsHookExW, SetWindowTextW, SetWindowPos, SetWindowPlacement, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropW, SetParent, SetMenuItemInfoW, SetMenu, SetForegroundWindow, SetFocus, SetCursorPos, SetCursor, SetClipboardData, SetCapture, SetActiveWindow, SendMessageA, SendMessageW, ScrollWindow, ScreenToClient, RemovePropW, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageW, RegisterClipboardFormatW, RegisterClassW, RedrawWindow, PostQuitMessage, PostMessageW, PeekMessageA, PeekMessageW, OpenClipboard, MsgWaitForMultipleObjectsEx, MsgWaitForMultipleObjects, MessageBoxW, MessageBeep, MapWindowPoints, MapVirtualKeyW, LoadStringW, LoadKeyboardLayoutW, LoadIconW, LoadCursorW, LoadBitmapW, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsIconic, IsDialogMessageA, IsDialogMessageW, IsChild, InvalidateRect, InsertMenuItemW, InsertMenuW, HideCaret, GetWindowThreadProcessId, GetWindowTextW, GetWindowRect, GetWindowPlacement, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropW, GetParent, GetWindow, GetMessagePos, GetMessageExtraInfo, GetMenuStringW, GetMenuState, GetMenuItemInfoW, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameW, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextW, GetIconInfo, GetForegroundWindow, GetFocus, GetDlgItem, GetDlgCtrlID, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameW, GetClassInfoExW, GetClassInfoW, GetCapture, GetActiveWindow, FrameRect, FlashWindow, FindWindowExW, FindWindowW, FillRect, EnumWindows, EnumThreadWindows, EnumChildWindows, EndPaint, EndMenu, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextExW, DrawTextW, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DispatchMessageW, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcW, DefMDIChildProcW, DefFrameProcW, CreatePopupMenu, CreateMenu, CreateIconIndirect, CreateIcon, CopyImage, CloseClipboard, ClientToScreen, CheckMenuItem, CharUpperBuffW, CharUpperW, CharNextW, CharLowerBuffW, CharLowerW, CallWindowProcW, CallNextHookEx, BeginPaint, AdjustWindowRectEx, ActivateKeyboardLayout
                                                                                                                      gdi32.dllUnrealizeObject, StrokePath, StrokeAndFillPath, StretchDIBits, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixelV, SetPixel, SetEnhMetaFileBits, SetDIBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SelectClipRgn, SaveDC, RoundRect, RestoreDC, ResizePalette, Rectangle, RectVisible, RealizePalette, Polyline, Polygon, PolyBezierTo, PolyBezier, PlayEnhMetaFile, Pie, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsW, GetTextExtentPointW, GetTextExtentPoint32W, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectW, GetNearestPaletteIndex, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionW, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, FrameRgn, ExtTextOutW, ExtFloodFill, ExcludeClipRect, EnumFontFamiliesExW, EndPath, Ellipse, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreateRectRgn, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectW, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileW, CloseFigure, Chord, BitBlt, BeginPath, ArcTo, Arc, AngleArc
                                                                                                                      version.dllVerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW
                                                                                                                      kernel32.dllWriteFile, WideCharToMultiByte, WaitForSingleObject, WaitForMultipleObjectsEx, VirtualQueryEx, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, SwitchToThread, SuspendThread, Sleep, SizeofResource, SetThreadPriority, SetThreadLocale, SetLastError, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, RemoveDirectoryW, ReadFile, MulDiv, LockResource, LocalFree, LoadResource, LoadLibraryExW, LoadLibraryW, LeaveCriticalSection, IsValidLocale, InitializeCriticalSection, HeapFree, HeapDestroy, HeapCreate, HeapAlloc, GlobalUnlock, GlobalLock, GlobalFree, GlobalFindAtomW, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomW, GetVersionExW, GetVersion, GetTickCount, GetThreadPriority, GetThreadLocale, GetStdHandle, GetShortPathNameW, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetLocalTime, GetLastError, GetFullPathNameW, GetFileAttributesW, GetExitCodeThread, GetDiskFreeSpaceW, GetDateFormatW, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCurrentProcess, GetCPInfoExW, GetCPInfo, GetACP, FreeResource, InterlockedExchange, InterlockedCompareExchange, FreeLibrary, FormatMessageW, FindResourceW, FindFirstFileW, FindClose, EnumSystemLocalesW, EnumCalendarInfoW, EnterCriticalSection, DeleteFileW, DeleteCriticalSection, CreateThread, CreateFileW, CreateEventW, CompareStringW, CloseHandle
                                                                                                                      advapi32.dllRegSetValueExW, RegQueryValueExW, RegOpenKeyExW, RegFlushKey, RegCreateKeyExW, RegCloseKey
                                                                                                                      kernel32.dllGetUserDefaultUILanguage, Sleep
                                                                                                                      oleaut32.dllSafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
                                                                                                                      oleaut32.dllCreateErrorInfo, GetErrorInfo, SetErrorInfo, SysFreeString
                                                                                                                      ole32.dllOleUninitialize, OleInitialize, CoTaskMemFree, CoTaskMemAlloc, CoCreateInstance, CoUninitialize, CoInitialize, IsEqualGUID
                                                                                                                      user32.dllEnumDisplayMonitors, GetMonitorInfoW, MonitorFromPoint, MonitorFromWindow
                                                                                                                      msvcrt.dllmemset, memcpy
                                                                                                                      shell32.dllShellExecuteW, Shell_NotifyIconW, DragQueryFileW, DragFinish, DragAcceptFiles
                                                                                                                      comdlg32.dllGetOpenFileNameW

                                                                                                                      Exports

                                                                                                                      NameOrdinalAddress
                                                                                                                      TMethodImplementationIntercept10x457bf4

                                                                                                                      Possible Origin

                                                                                                                      Language of compilation systemCountry where language is spokenMap
                                                                                                                      EnglishUnited States

                                                                                                                      Network Behavior

                                                                                                                      Network Port Distribution

                                                                                                                      TCP Packets

                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                      Dec 7, 2023 10:50:02.610898018 CET49702443192.168.2.7149.154.167.99
                                                                                                                      Dec 7, 2023 10:50:02.610945940 CET44349702149.154.167.99192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:02.611047029 CET49702443192.168.2.7149.154.167.99
                                                                                                                      Dec 7, 2023 10:50:02.625485897 CET49702443192.168.2.7149.154.167.99
                                                                                                                      Dec 7, 2023 10:50:02.625502110 CET44349702149.154.167.99192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:03.111650944 CET44349702149.154.167.99192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:03.111815929 CET49702443192.168.2.7149.154.167.99
                                                                                                                      Dec 7, 2023 10:50:03.211538076 CET49702443192.168.2.7149.154.167.99
                                                                                                                      Dec 7, 2023 10:50:03.211563110 CET44349702149.154.167.99192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:03.212559938 CET44349702149.154.167.99192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:03.212656975 CET49702443192.168.2.7149.154.167.99
                                                                                                                      Dec 7, 2023 10:50:03.217744112 CET49702443192.168.2.7149.154.167.99
                                                                                                                      Dec 7, 2023 10:50:03.260735035 CET44349702149.154.167.99192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:03.590934038 CET44349702149.154.167.99192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:03.590998888 CET44349702149.154.167.99192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:03.591038942 CET44349702149.154.167.99192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:03.591180086 CET44349702149.154.167.99192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:03.591303110 CET49702443192.168.2.7149.154.167.99
                                                                                                                      Dec 7, 2023 10:50:03.591363907 CET49702443192.168.2.7149.154.167.99
                                                                                                                      Dec 7, 2023 10:50:03.604159117 CET49702443192.168.2.7149.154.167.99
                                                                                                                      Dec 7, 2023 10:50:03.604177952 CET44349702149.154.167.99192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:03.610591888 CET4970325565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:03.857471943 CET2556549703116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:03.857641935 CET4970325565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:03.858269930 CET4970325565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:04.108004093 CET2556549703116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:04.125103951 CET2556549703116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:04.125144958 CET2556549703116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:04.125242949 CET4970325565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:04.125277996 CET4970325565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:04.754888058 CET4970325565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:05.001899958 CET2556549703116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:05.001997948 CET4970325565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:05.002535105 CET4970325565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:05.293486118 CET2556549703116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:05.498429060 CET2556549703116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:05.498574972 CET4970325565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:05.643747091 CET4970525565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:05.890696049 CET2556549705116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:05.890928030 CET4970525565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:05.891315937 CET4970525565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:06.138313055 CET2556549705116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:06.138387918 CET2556549705116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:06.138469934 CET4970525565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:06.494098902 CET4970525565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:06.495942116 CET4970525565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:06.742741108 CET2556549705116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:07.059798956 CET2556549705116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:07.059911966 CET4970525565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:07.061022043 CET4970325565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:07.061563015 CET4970625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:07.308571100 CET2556549703116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:07.308638096 CET2556549706116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:07.308707952 CET4970325565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:07.308758020 CET4970625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:07.356628895 CET4970625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:07.603712082 CET2556549706116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:07.603873014 CET2556549706116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:07.603944063 CET4970625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:07.604263067 CET4970625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:07.606523037 CET4970625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:07.852791071 CET2556549706116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:08.168783903 CET2556549706116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:08.168809891 CET2556549706116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:08.168987036 CET4970625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:08.170269012 CET4970525565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:08.170810938 CET4970925565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:08.417134047 CET2556549705116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:08.417180061 CET2556549709116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:08.417202950 CET4970525565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:08.417248964 CET4970925565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:08.417598009 CET4970925565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:08.663839102 CET2556549709116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:08.664088011 CET2556549709116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:08.664187908 CET4970925565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:08.664901972 CET4970925565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:08.726891994 CET4970925565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:08.952939987 CET2556549709116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:08.973361969 CET2556549709116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:09.305834055 CET2556549709116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:09.305896997 CET2556549709116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:09.305932045 CET4970925565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:09.305939913 CET2556549709116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:09.305984974 CET2556549709116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:09.306094885 CET4970925565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:09.306094885 CET4970925565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:09.306094885 CET4970925565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:09.365923882 CET4970625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:09.366439104 CET4971325565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:09.612514019 CET2556549706116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:09.612586021 CET4970625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:09.612709999 CET2556549713116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:09.612799883 CET4971325565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:09.613286972 CET4971325565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:09.859591961 CET2556549713116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:09.859790087 CET2556549713116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:09.859996080 CET4971325565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:09.860316038 CET4971325565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:09.868741035 CET4971325565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:09.868805885 CET4971325565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:10.115119934 CET2556549713116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:10.115161896 CET2556549713116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:10.115309000 CET2556549713116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:10.527733088 CET2556549713116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:10.527802944 CET4971325565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:10.651130915 CET4970925565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:10.652529001 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:10.897814989 CET2556549709116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:10.897886038 CET4970925565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:10.898884058 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:10.898983002 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:10.899452925 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.145888090 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.146444082 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.146569014 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.147044897 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.149393082 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.398957014 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.399570942 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.399614096 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.399643898 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.399674892 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.399712086 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.399761915 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.399791956 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.399835110 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.399857044 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.399895906 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.399912119 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.399950027 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.399971008 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.400000095 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.400026083 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.400062084 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.400084972 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.400115013 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.400140047 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.400192022 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.646950960 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.646970034 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.647061110 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.647078991 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.647128105 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.647339106 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.647388935 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.647442102 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.647484064 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.647496939 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.647536039 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.647960901 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.648034096 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.648057938 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.648096085 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.648127079 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.648170948 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.648180962 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.648224115 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.648246050 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.648293972 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.648494959 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.648539066 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.648546934 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.648595095 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.648608923 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.648654938 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.648729086 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.648777008 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.648788929 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.648838997 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.648931026 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.648977995 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.649000883 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.649049044 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.649096012 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.649138927 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.649163008 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.649204969 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.894077063 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.894104004 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.894140005 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.894161940 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.894179106 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.894196033 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.894215107 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.894262075 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.894289017 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.894449949 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.894504070 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.894514084 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.894525051 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.894536018 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.894552946 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.894570112 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.894599915 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.894618034 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.894642115 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.894660950 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.894670963 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.894684076 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.894707918 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.894726038 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.894745111 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.894787073 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.894798994 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.894840002 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.894970894 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.895015955 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.895569086 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.895620108 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.895800114 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.895843983 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.895850897 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.895889044 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.895900011 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.895941019 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.895970106 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.896013021 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.896022081 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.896054029 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.896064043 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.896106958 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.896179914 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.896230936 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.896246910 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.896259069 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.896290064 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.896306038 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.896353006 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.896363974 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.896424055 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.896493912 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.896543026 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.896553993 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.896569967 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.896580935 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.896603107 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.896610975 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.896625996 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.896665096 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.896711111 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.896776915 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.896789074 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.896826982 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.896835089 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.896873951 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.896941900 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.896986008 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.897001028 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.897021055 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:11.897053957 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:11.897068977 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.143738031 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.144009113 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.144232035 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.144288063 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.144315958 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.144335032 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.144383907 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.144404888 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.144412994 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.144450903 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.144471884 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.144522905 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.144543886 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.144589901 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.144629955 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.144675970 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.144696951 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.144741058 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.144788027 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.144830942 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.145059109 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.145103931 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.145124912 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.145174980 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.145186901 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.145226002 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.145272970 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.145313978 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.145380020 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.145411015 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.145417929 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.145447969 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.145459890 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.145500898 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.145510912 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.145556927 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.145662069 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.145710945 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.145723104 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.145765066 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.145776987 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.145812988 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.145831108 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.145869970 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.145941973 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.145986080 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.148386955 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.148428917 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.148436069 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.148472071 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.148483992 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.148529053 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.148540974 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.148586035 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.148607969 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.148652077 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.148726940 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.148767948 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.148792982 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.148816109 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.148838997 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.148849964 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.148946047 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.148993969 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.149585009 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.149632931 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.149645090 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.149682999 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.149701118 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.149740934 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.149753094 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.149796009 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.149820089 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.149832010 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.149868965 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.149889946 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.149940968 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.149962902 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.150003910 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.150010109 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.150052071 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.150058031 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.150094986 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.150175095 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.150221109 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.150243044 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.150290966 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.150312901 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.150353909 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.150365114 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.150403976 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.150417089 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.150455952 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.150506973 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.150547981 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.150561094 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.150604010 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.150615931 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.150660038 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.150671959 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.150718927 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.150824070 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.150871992 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.150883913 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.150927067 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.150939941 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.150986910 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.151851892 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.151899099 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.151999950 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.152060986 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.152069092 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.152081966 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.152107954 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.152126074 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.152146101 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.152198076 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.152266979 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.152308941 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.152431011 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.152471066 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.152483940 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.152522087 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.152534008 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.152573109 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.152594090 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.152632952 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.152645111 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.152684927 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.152695894 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.152734995 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.152745962 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.152786970 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.152822971 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.152848005 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.152858973 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.152883053 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.152894020 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.152932882 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.152944088 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.152981997 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.152993917 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.153033018 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.153045893 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.153080940 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.153101921 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.153150082 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.153165102 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.153184891 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.153204918 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.153214931 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.153250933 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.153285980 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.153332949 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.153371096 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.153393030 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.153435946 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.153448105 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.153489113 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.390589952 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.390610933 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.390681028 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.390759945 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.390789032 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.390805960 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.390819073 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.390851021 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.390871048 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.390892029 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.390933990 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.390960932 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.391002893 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.391077995 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.391115904 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.391123056 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.391164064 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.391185045 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.391226053 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.391316891 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.391360998 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.391417027 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.391459942 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.391505957 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.391540051 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.391604900 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.391644001 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.391680956 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.391720057 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.391797066 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.391843081 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.391864061 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.391906023 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.391954899 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.391993999 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.392060041 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.392098904 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.392167091 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.392206907 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.392250061 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.392290115 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.392335892 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.392364979 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.392371893 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.392400980 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.392461061 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.392507076 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.392549038 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.392595053 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.392635107 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.392682076 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.392733097 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.392781973 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.392805099 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.392849922 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.392870903 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.392915964 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.392981052 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.393023968 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.393091917 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.393132925 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.393172979 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.393213987 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.393305063 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.393346071 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.393409967 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.393450022 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.396250963 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.396303892 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.396317005 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.396368980 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.396379948 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.396420956 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.396428108 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.396469116 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.396483898 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.396522045 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.396534920 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.396574974 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.396595001 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.396634102 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.396646023 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.396668911 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.396678925 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.396713018 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.396717072 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.396755934 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.396795988 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.396864891 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.396986961 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.397002935 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.397013903 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.397028923 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.397036076 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.397044897 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.397054911 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.397068977 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.397099972 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.397108078 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.397135019 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.397155046 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.397171974 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.397233963 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.397283077 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.397296906 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.397336006 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.397350073 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.397397995 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.397411108 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.397452116 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.397475004 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.397511959 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.397526026 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.397567034 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.397578955 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.397618055 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.397631884 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.397671938 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.397684097 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.397722960 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.397736073 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.397768974 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.397778988 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.397810936 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.397847891 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.397862911 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.397910118 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.397922039 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.397985935 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.397996902 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.398037910 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.398051977 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.398092031 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.398102999 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.398144007 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.398155928 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.398205042 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.398216963 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.398257971 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.398277044 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.398288965 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.398315907 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.398366928 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.398411989 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.398423910 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.398468018 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.398479939 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.398521900 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.398542881 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.398581982 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.398592949 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.398634911 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.398647070 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.398685932 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.398706913 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.398744106 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.398756027 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.398797035 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.398809910 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.398854971 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.398865938 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.398905993 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.398993015 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.399005890 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.399060011 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.399072886 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.399094105 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.399108887 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.399137020 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.399213076 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.399224043 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.399254084 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.399266005 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.399274111 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.399312973 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.399324894 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.399337053 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.399369001 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.399400949 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.399445057 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.399483919 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.399524927 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.399537086 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.399571896 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.399585009 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.399636984 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.399650097 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.399672985 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.399682999 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.399712086 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.399734020 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.399775982 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.399799109 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.399838924 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.399851084 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.399873018 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.399885893 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.399914026 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.399935961 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.399977922 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.399991989 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.400032043 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.400043964 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.400084019 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.400100946 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.400142908 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.400156021 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.400170088 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.400194883 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.400204897 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.400232077 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.400275946 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.400288105 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.400330067 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.400342941 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.400382042 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.400394917 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.400454044 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.400466919 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.400501966 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.400506973 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.400536060 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.400544882 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.400576115 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.400599003 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.400635004 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.400664091 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.400670052 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.400692940 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.400733948 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.400748968 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.400790930 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.400801897 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.400859118 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.400868893 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.400907040 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.400959015 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.400998116 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.401010036 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.401024103 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.401052952 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.401068926 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.401119947 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.401156902 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.401161909 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.401204109 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.401216030 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.401241064 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.401249886 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.401284933 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.401309013 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.401345015 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.401352882 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.401397943 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.401411057 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.401453018 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.401465893 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.401508093 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.401520014 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.401556015 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.401566029 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.401607990 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.401626110 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.401648045 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.401662111 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.401683092 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.401695967 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.401740074 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.401763916 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.401804924 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.401818037 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.401859045 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.401874065 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.401920080 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.401932001 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.401954889 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.401973009 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.401989937 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.402012110 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.402055025 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.402077913 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.402108908 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.402117968 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.402153969 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.402165890 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.402206898 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.402339935 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.402384996 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.402398109 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.402439117 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.402451992 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.402491093 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.402506113 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.402548075 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.402560949 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.402600050 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.402615070 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.402657032 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.402669907 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.402714968 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.402729034 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.402781963 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.402823925 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.402873039 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.402887106 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.402930021 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.402944088 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.402980089 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.402992010 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.403036118 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.403048992 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.403085947 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.403106928 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.403126001 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.637496948 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.637535095 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.637547016 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.637558937 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.637571096 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.637583017 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.637588978 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.637619019 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.637634039 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.637648106 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.637670040 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.637692928 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.637706041 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.637717009 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.637727976 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.637737989 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.637757063 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.637768030 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.637768030 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.637777090 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.637789965 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.637831926 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.637871981 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.637871981 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.637871981 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.637908936 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.637938976 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.637944937 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.637944937 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.637959003 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.637973070 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.637984991 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.638000011 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.638011932 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.638032913 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.638046026 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.638056040 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.638067007 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.638091087 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.638108015 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.638108015 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.638120890 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.638139009 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.638148069 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.638175011 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.638189077 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.638192892 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.638205051 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.638216019 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.638230085 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.638242006 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.638262033 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.638273001 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.638287067 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.638298035 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.638319016 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.638331890 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.638339996 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.638350964 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.638374090 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.638394117 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.638394117 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.638413906 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.638422012 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.638433933 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.638446093 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.638463974 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.638479948 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.638495922 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.638514042 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.638533115 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.638541937 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.638571978 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.638582945 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.638595104 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.638626099 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.638645887 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.638674974 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.638685942 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.638711929 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.638765097 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.638797045 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.638817072 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.638837099 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.638871908 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.638884068 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.638916016 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.638958931 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.639003038 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.639015913 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.639027119 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.639048100 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.639065981 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.639089108 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.639092922 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.639106035 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.639144897 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.639210939 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.639246941 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.639254093 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.639264107 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.639277935 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.639286041 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.639302015 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.639314890 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.639333963 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.639378071 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.639393091 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.639405012 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.639426947 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.639434099 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.639447927 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.639471054 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.639527082 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.639544964 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.639581919 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.639625072 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.639636993 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.639647007 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.639653921 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.639666080 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.639683008 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.639689922 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.639725924 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.642620087 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.642632008 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.642673969 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.642713070 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.642725945 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.642761946 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.642811060 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.642858028 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.642868042 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.642879963 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.642920971 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.642931938 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.642954111 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.642971039 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.642988920 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.643002033 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.643027067 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.643033981 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.643049002 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.643059015 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.643066883 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.643099070 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.643105984 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.643126965 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.643138885 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.643158913 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.643167019 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.643202066 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.643214941 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.643227100 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.643239975 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.643248081 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.643265009 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.643282890 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.643309116 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.643345118 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.643351078 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.643384933 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.643452883 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.643476009 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.643492937 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.643510103 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.643619061 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.643631935 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.643660069 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.643681049 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.643688917 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.643702984 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.643723965 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.643740892 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.643850088 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.643862963 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.643889904 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.643901110 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.643971920 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.643985033 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.644015074 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.644032001 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.644218922 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.644232035 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.644259930 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.644270897 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.644427061 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.644439936 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.644475937 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.644496918 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.644560099 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.644589901 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.644598961 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.644630909 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.644687891 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.644701958 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.644731998 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.644754887 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.644768953 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.644804955 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.644840956 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.644840956 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.644865036 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.644905090 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.644913912 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.644957066 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.645024061 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.645064116 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.645070076 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.645107031 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.645226955 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.645272017 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.645283937 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.645307064 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.645325899 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.645338058 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.645344973 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.645385981 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.645399094 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.645442963 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.645456076 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.645489931 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.645611048 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.645637035 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.645647049 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.645675898 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.645719051 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.645754099 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.645764112 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.645802975 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.645880938 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.645920038 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.645935059 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.645979881 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.646079063 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.646090984 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.646111965 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.646126986 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.646142006 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.646147013 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.646156073 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.646181107 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.646272898 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.646285057 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.646320105 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.646385908 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.646425962 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.646435022 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.646477938 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.646522045 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.646534920 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.646574020 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.646574020 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.646594048 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.646606922 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.646632910 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.646655083 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.646787882 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.646805048 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.646831036 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.646840096 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.646859884 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.646873951 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.646909952 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.646929026 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.647059917 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.647073030 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.647102118 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.647113085 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.647213936 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.647258997 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.647272110 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.647317886 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.647545099 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.647591114 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.647605896 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.647646904 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.647660971 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.647711039 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.647723913 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.647737026 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.647761106 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.647778034 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.647836924 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.647850990 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.647862911 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.647886992 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.647908926 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.647908926 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.647933006 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.647974014 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.647996902 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.648040056 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.648062944 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.648077011 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.648103952 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.648113966 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.648226976 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.648238897 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.648272991 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.648405075 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.648447990 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.648515940 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.648528099 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.648555040 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.648561954 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.648582935 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.648641109 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.648684978 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.648696899 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.648736000 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.648824930 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.648838043 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.648870945 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.648881912 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.648952007 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.648994923 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.649000883 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.649045944 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.649252892 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.649297953 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.649310112 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.649352074 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.649363995 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.649396896 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.649405003 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.649431944 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.649554014 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.649597883 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.649610996 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.649632931 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.649657965 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.649665117 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.649676085 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.649709940 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.649816990 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.649852037 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.649859905 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.649895906 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.649914026 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.649926901 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.649955034 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.649965048 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.650080919 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.650093079 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.650126934 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.650171995 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.650185108 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.650214911 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.650233984 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.650316954 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.650329113 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.650358915 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.650367975 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.650386095 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.650429964 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.650443077 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.650480986 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.650504112 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.650544882 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.650557041 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.650594950 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.650623083 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.650669098 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.650682926 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.650724888 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.650794029 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.650821924 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.650832891 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.650863886 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.650960922 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.651002884 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.651010990 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.651048899 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.651129961 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.651143074 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.651173115 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.651184082 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.651247025 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.651292086 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.651307106 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.651351929 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.651365042 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.651388884 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.651407957 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.651424885 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.651429892 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.651442051 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.651463032 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.651475906 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.884237051 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.884279966 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.884319067 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.884357929 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.884397030 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.884423018 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.884445906 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.884475946 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.884500027 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.884536982 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.884560108 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.884586096 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.884615898 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.884653091 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.884673119 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.884708881 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.884746075 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.884768009 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.884800911 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.884839058 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.884860039 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.884893894 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.884916067 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.884954929 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.884974003 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.885010004 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.885042906 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.885078907 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.885097980 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.885123014 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.885152102 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.885189056 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.885210991 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.885245085 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.885266066 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.885303974 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.885327101 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.885364056 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.885380030 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.885457039 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.885477066 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.885505915 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.885530949 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.885584116 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.885618925 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.885656118 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.885678053 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.885701895 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.885762930 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.885802031 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.885822058 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.885850906 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.885876894 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.885914087 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.885934114 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.885971069 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.885987043 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.886023998 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.886044025 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.886082888 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.886099100 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.886136055 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.886158943 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.886192083 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.886214018 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.886250973 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.886271000 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.886307001 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.886358023 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.886394978 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.886415005 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.886446953 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.886470079 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.886507988 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.886528015 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.886562109 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.886707067 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.886744022 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.886764050 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.886796951 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.886818886 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.886856079 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.886876106 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.886909962 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.886930943 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.886967897 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.886989117 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.887022972 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.887042999 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.887079000 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.887099981 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.887131929 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.887156010 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.887192011 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.887212038 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.887238979 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.887268066 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.887305021 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.887325048 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.887352943 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.887379885 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.887414932 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.887438059 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.887469053 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.887491941 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.887527943 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.887547016 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.887564898 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.887599945 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.887635946 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.887656927 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.887691975 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.887710094 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.887747049 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.887767076 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.887801886 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.887823105 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.887866020 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.887888908 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.887931108 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.887945890 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.887981892 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.887998104 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.888035059 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.888055086 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.888082981 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.888108015 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.888144016 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.888164997 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.888197899 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.888217926 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.888254881 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.888276100 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.888309002 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.888879061 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.888917923 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.888937950 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.888967991 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.888994932 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.889034033 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.889066935 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.889086962 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.889111042 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.889148951 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.889168024 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.889194965 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.889283895 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.889322996 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.889343023 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.889372110 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.889400005 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.889437914 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.889458895 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.889496088 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.889513016 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.889550924 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.889573097 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.889611006 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.889692068 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.889729023 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.889750004 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.889786005 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.889803886 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.889857054 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.890012980 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.890049934 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.890070915 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.890103102 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.890127897 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.890183926 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.890219927 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.890255928 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.890275955 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.890309095 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.890328884 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.890461922 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.890482903 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.890515089 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.890537977 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.890574932 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.890594959 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.890616894 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.890649080 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.890686989 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.890707016 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.890741110 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.890758991 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.890799999 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.890820026 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.890857935 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.890872002 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.890889883 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.890917063 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.890928984 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.891150951 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.891180038 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.891197920 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.891216040 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.891222954 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.891241074 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.891259909 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.891280890 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.891371965 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.891416073 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.891423941 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.891436100 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.891463995 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.891484022 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.891558886 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.891587973 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.891597986 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.891628981 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.891638994 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.891690016 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.891871929 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.891921043 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.891932964 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.891944885 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.891973972 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.891992092 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.892041922 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.892087936 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.892101049 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.892115116 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.892148018 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.892184973 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.892215967 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.892225027 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.892246008 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.892258883 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.892282009 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.892394066 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.892405987 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.892420053 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.892441988 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.892458916 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.892637014 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.892649889 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.892683983 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.892695904 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.892703056 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.892744064 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.892812967 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.892832041 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.892846107 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.892868996 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.892878056 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.893034935 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.893068075 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.893076897 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.893134117 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.893141031 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.893151999 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.893163919 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.893176079 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.893184900 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.893202066 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.893237114 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.893260002 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.893306971 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.893311977 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.893336058 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.893358946 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.893376112 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.893404007 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.893435955 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.893460035 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.893471956 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.893480062 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.893512964 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.893621922 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.893635035 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.893646955 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.893671036 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.893681049 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.893735886 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.893780947 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.893793106 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.893805981 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.893846989 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.893853903 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.893918991 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.893985987 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.893997908 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.894021988 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.894047022 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.894064903 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.894119978 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.894165993 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.894179106 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.894191980 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.894218922 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.894232035 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.895034075 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.895047903 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.895085096 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.895102978 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.895113945 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.895127058 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.895159960 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.895170927 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.895178080 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.895214081 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.895311117 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.895351887 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.895374060 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.895406008 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.895412922 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.895437956 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.895442963 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.895476103 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.895484924 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.895498991 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.895510912 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.895519972 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.895538092 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.895555973 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.895562887 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.895601988 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.895606995 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.895643950 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.895689964 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.895701885 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.895714045 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.895726919 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.895744085 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.895761013 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.896012068 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.896049976 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.896110058 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.896152973 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.896279097 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.896318913 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.896382093 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.896421909 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.896460056 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.896503925 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.896517038 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.896555901 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.896657944 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.896698952 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.897093058 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.897140026 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.897165060 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.897202015 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.897214890 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.897257090 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.897269964 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.897283077 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.897310019 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.897327900 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.897334099 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.897346020 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.897358894 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.897367001 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.897377968 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.897386074 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.897396088 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.897403955 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.897420883 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.897433043 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.897442102 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.897466898 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.897502899 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.897516012 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.897528887 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.897536993 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.897545099 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.897566080 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.897576094 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.897608042 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.897629023 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.897641897 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.897654057 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.897665024 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.897681952 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.897694111 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.897701979 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.897716045 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.897723913 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.897751093 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.897762060 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.897769928 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.897779942 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.897802114 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.897819042 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.897826910 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.897838116 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.897862911 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.897872925 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.897881031 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.897891045 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.897912979 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.897938967 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.897973061 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.897985935 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.897999048 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.898010015 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.898017883 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.898025990 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.898046970 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.898053885 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.898063898 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.898072958 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.898085117 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.898094893 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.898104906 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.898114920 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.898128033 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.898132086 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.898149967 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.898161888 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.898169994 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.898205042 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.898211956 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.898224115 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.898237944 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.898247004 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.898257971 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.898272991 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.898282051 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.898289919 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.898299932 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.898309946 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.898324966 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.898336887 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.898344994 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.898355007 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.898380995 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.898392916 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.898403883 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.898411989 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.898427010 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.898433924 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.898444891 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.898452044 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.898462057 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.898471117 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.898495913 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.898507118 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.898523092 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.898536921 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.898567915 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.898586988 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.898607016 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.898619890 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.898632050 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.898644924 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.898652077 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.898667097 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.898670912 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.898684025 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.898691893 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.898703098 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.898714066 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.898722887 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.898736954 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.898745060 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.898756027 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.898772955 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.898798943 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.898811102 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.898823977 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.898849010 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.898860931 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.898871899 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.898900986 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.898943901 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.898957014 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.898996115 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.898996115 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.899005890 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.899018049 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.899029970 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.899041891 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.899058104 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.899068117 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.899100065 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.899106026 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.899117947 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.899136066 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.899151087 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.899162054 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.899194002 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.899200916 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.899210930 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.899229050 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.899243116 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.899254084 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.899267912 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.899292946 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.899296999 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.899316072 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.899331093 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.899342060 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.899355888 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.899380922 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.899405003 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.899418116 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.899430037 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.899435997 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.899481058 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.899497032 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.899503946 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.899523020 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.899554014 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.899687052 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.899699926 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.899777889 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.899791956 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.899813890 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.899838924 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.899852037 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.899863958 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.899897099 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.899936914 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.899949074 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.899956942 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.899969101 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.900002003 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.900010109 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.900084019 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.900094032 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.900101900 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.900116920 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.900125027 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.900135994 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.900147915 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.900162935 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.900172949 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.900180101 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.900191069 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.900202036 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.900211096 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.900224924 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.900233984 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.900252104 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.900263071 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.900270939 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.900293112 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.900300980 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.900311947 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.900329113 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.900372982 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.900396109 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.900432110 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.900458097 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.900464058 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.900464058 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.900481939 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.900492907 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.900533915 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.900540113 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.900559902 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.900589943 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.900599003 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.900624990 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.900666952 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.900676966 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.900690079 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.900722980 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.900733948 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.900743008 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.900785923 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.900799036 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.900811911 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.900847912 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.900860071 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.900866985 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.900907040 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.900913000 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.900926113 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.900958061 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.900964975 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.900975943 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.901022911 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.901031017 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.901043892 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.901077032 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.901088953 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.901097059 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.901108027 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.901119947 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.901134968 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.901140928 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.901160002 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.901170969 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.901181936 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.901201963 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.901211023 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.901232004 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.901241064 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.901249886 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.901262045 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.901269913 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.901283979 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.901310921 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.901325941 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.901340961 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.901352882 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.901366949 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.901372910 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.901381969 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.901392937 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.901400089 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.901410103 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.901417971 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.901433945 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.901449919 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.901460886 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.901473045 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.901494980 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.901501894 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.901510954 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.901529074 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.901561975 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.901592016 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.901604891 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.901618958 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.901633024 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.901648045 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.901662111 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.901671886 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.901686907 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.901693106 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.901705980 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.901712894 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.901737928 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.901774883 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.901787996 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.901801109 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.901813030 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.901822090 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.901834011 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.901843071 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.901854038 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.901870966 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.901890993 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.901899099 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.901952028 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.901957035 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.901981115 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.901992083 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.902017117 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.902028084 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.902040958 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.902053118 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.902076006 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.902087927 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.902096033 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.902106047 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.902117968 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.902142048 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.902153015 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.902164936 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.902179003 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.902193069 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.902204037 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.902220964 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.902245045 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.902297020 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.902359009 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.902369976 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.902393103 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.902420998 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.902437925 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.902458906 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.902503967 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.902566910 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.902580023 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.902591944 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.902604103 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:12.902614117 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.902642012 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.903264046 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.976377010 CET4971325565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:12.977108955 CET4971525565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:13.223256111 CET2556549713116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:13.223339081 CET4971325565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:13.223527908 CET2556549715116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:13.223622084 CET4971525565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:13.224080086 CET4971525565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:13.470474958 CET2556549715116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:13.470590115 CET2556549715116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:13.470679045 CET4971525565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:13.471216917 CET4971525565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:13.474924088 CET4971525565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:13.474957943 CET4971525565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:13.723752975 CET2556549715116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:14.074032068 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:14.074779034 CET4971625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:14.176426888 CET2556549715116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:14.176584005 CET4971525565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:14.320584059 CET2556549714116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:14.320703983 CET4971425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:14.321096897 CET2556549716116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:14.321208000 CET4971625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:14.321657896 CET4971625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:14.568576097 CET2556549716116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:14.568619013 CET2556549716116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:14.568766117 CET4971625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:14.569174051 CET4971625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:14.571266890 CET4971625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:14.817809105 CET2556549716116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:15.271469116 CET2556549716116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:15.271545887 CET4971625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:15.314095974 CET4971525565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:15.314965010 CET4971725565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:15.561156988 CET2556549715116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:15.561355114 CET4971525565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:15.561460972 CET2556549717116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:15.561558008 CET4971725565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:15.562094927 CET4971725565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:15.809297085 CET2556549717116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:15.810740948 CET2556549717116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:15.810830116 CET4971725565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:15.811327934 CET4971725565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:15.813776016 CET4971725565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:16.060349941 CET2556549717116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:16.511542082 CET2556549717116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:16.511642933 CET4971725565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:16.514205933 CET4971625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:16.514950991 CET4971825565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:16.769278049 CET2556549716116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:16.769340038 CET2556549718116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:16.769387960 CET4971625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:16.769469976 CET4971825565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:16.770405054 CET4971825565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:17.017265081 CET2556549718116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:17.017947912 CET2556549718116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:17.018038988 CET4971825565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:17.018384933 CET4971825565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:17.020315886 CET4971825565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:17.022387028 CET4971925565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:17.267431021 CET2556549718116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:17.267596960 CET4971825565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:17.268703938 CET2556549719116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:17.268795013 CET4971925565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:17.269293070 CET4971925565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:17.515577078 CET2556549719116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:17.516139984 CET2556549719116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:17.516257048 CET4971925565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:17.516854048 CET4971925565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:17.518769026 CET4971925565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:17.520792961 CET4972025565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:17.765213013 CET2556549719116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:17.765294075 CET4971925565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:17.767087936 CET2556549720116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:17.767169952 CET4972025565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:17.767522097 CET4972025565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:18.013683081 CET2556549720116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:18.013773918 CET2556549720116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:18.014017105 CET4972025565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:18.014517069 CET4972025565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:18.016439915 CET4972025565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:18.019198895 CET4972125565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:18.263066053 CET2556549720116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:18.263190985 CET4972025565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:18.265526056 CET2556549721116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:18.265785933 CET4972125565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:18.266000032 CET4972125565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:18.512342930 CET2556549721116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:18.513058901 CET2556549721116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:18.513135910 CET4972125565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:18.513454914 CET4972125565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:18.515305042 CET4972125565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:18.517211914 CET4972225565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:18.762031078 CET2556549721116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:18.762243986 CET4972125565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:18.763650894 CET2556549722116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:18.763834000 CET4972225565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:18.764241934 CET4972225565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:19.010674000 CET2556549722116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:19.010950089 CET2556549722116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:19.011030912 CET4972225565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:19.011375904 CET4972225565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:19.013477087 CET4972225565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:19.015125990 CET4972325565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:19.261084080 CET2556549722116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:19.261187077 CET4972225565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:19.261837006 CET2556549723116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:19.261926889 CET4972325565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:19.262387037 CET4972325565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:19.509160042 CET2556549723116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:19.509367943 CET2556549723116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:19.509442091 CET4972325565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:19.509844065 CET4972325565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:19.511575937 CET4972325565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:19.758953094 CET2556549723116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:19.759255886 CET4972325565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:19.880861044 CET4972425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:20.128125906 CET2556549724116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:20.128329992 CET4972425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:20.128917933 CET4972425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:20.377058029 CET2556549724116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:20.377125025 CET2556549724116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:20.377310038 CET4972425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:20.377737045 CET4972425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:20.381000042 CET4972425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:20.627700090 CET2556549724116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:20.946499109 CET2556549724116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:20.946549892 CET2556549724116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:20.946611881 CET4972425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:20.946638107 CET4972425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:20.950314999 CET4971725565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:20.951204062 CET4972525565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:21.197212934 CET2556549717116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:21.197269917 CET2556549725116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:21.197283983 CET4971725565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:21.197359085 CET4972525565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:21.197915077 CET4972525565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:21.444291115 CET2556549725116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:21.444895029 CET2556549725116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:21.444983959 CET4972525565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:21.445406914 CET4972525565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:21.448518038 CET4972525565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:21.694880962 CET2556549725116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:22.033726931 CET2556549725116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:22.033807039 CET4972525565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:22.095921993 CET4972425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:22.096812963 CET4972625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:22.343355894 CET2556549724116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:22.343424082 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:22.343492031 CET4972425565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:22.343569040 CET4972625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:22.343945980 CET4972625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:22.590661049 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:22.591444016 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:22.591562033 CET4972625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:22.598625898 CET4972625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:22.600678921 CET4972625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:22.600812912 CET4972625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:22.847415924 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:22.847471952 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:22.847508907 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:22.847537994 CET4972625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:22.847604990 CET4972625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:22.847604990 CET4972625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:22.848494053 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:22.848553896 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:22.848576069 CET4972625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:22.848620892 CET4972625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:22.888693094 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:22.888803005 CET4972625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:23.094440937 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.094501019 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.094537020 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.094568968 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.094604969 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.094610929 CET4972625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:23.094636917 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.094662905 CET4972625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:23.094670057 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.094691038 CET4972625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:23.094716072 CET4972625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:23.094808102 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.094852924 CET4972625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:23.094929934 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.094978094 CET4972625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:23.095097065 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.095150948 CET4972625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:23.095215082 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.095266104 CET4972625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:23.095451117 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.095495939 CET4972625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:23.135581970 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.135726929 CET4972625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:23.341619968 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.341681957 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.341717005 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.341727018 CET4972625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:23.341809988 CET4972625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:23.341836929 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.341912031 CET4972625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:23.342184067 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.342245102 CET4972625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:23.342298985 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.342372894 CET4972625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:23.342416048 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.342508078 CET4972625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:23.342573881 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.342727900 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.343044996 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.343173027 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.343295097 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.343333006 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.343388081 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.343492985 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.343544960 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.343655109 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.343760967 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.343873978 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.343949080 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.343981981 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.382427931 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.382890940 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.382924080 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.382956982 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.383044958 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.588493109 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.588547945 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.588582993 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.588617086 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.588790894 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.589277029 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.589658976 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.589844942 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.589900970 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.589991093 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.590023041 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.590104103 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.590137005 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.590198994 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.590230942 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.590306997 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.590359926 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.590435028 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.590468884 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.590579987 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.590980053 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.591012955 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:23.591114044 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:24.303011894 CET2556549726116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:24.303143978 CET4972625565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:24.750014067 CET4972525565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:24.750674963 CET4972725565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:24.996658087 CET2556549725116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:24.996738911 CET4972525565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:24.997345924 CET2556549727116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:24.997433901 CET4972725565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:24.997790098 CET4972725565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:25.245019913 CET2556549727116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:25.246248007 CET2556549727116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:25.246434927 CET4972725565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:25.246603012 CET4972725565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:25.248569965 CET4972725565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:25.495373011 CET2556549727116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:25.849495888 CET2556549727116.202.183.33192.168.2.7
                                                                                                                      Dec 7, 2023 10:50:25.849628925 CET4972725565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:28.516807079 CET4972725565192.168.2.7116.202.183.33
                                                                                                                      Dec 7, 2023 10:50:28.517703056 CET4972625565192.168.2.7116.202.183.33

                                                                                                                      UDP Packets

                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                      Dec 7, 2023 10:50:02.475577116 CET5563453192.168.2.71.1.1.1
                                                                                                                      Dec 7, 2023 10:50:02.600763083 CET53556341.1.1.1192.168.2.7

                                                                                                                      DNS Queries

                                                                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                      Dec 7, 2023 10:50:02.475577116 CET192.168.2.71.1.1.10x70a1Standard query (0)t.meA (IP address)IN (0x0001)false

                                                                                                                      DNS Answers

                                                                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                      Dec 7, 2023 10:50:02.600763083 CET1.1.1.1192.168.2.70x70a1No error (0)t.me149.154.167.99A (IP address)IN (0x0001)false

                                                                                                                      HTTP Request Dependency Graph

                                                                                                                      • t.me

                                                                                                                      HTTPS Proxied Packets

                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                      0192.168.2.749702149.154.167.994436496C:\Users\user\Desktop\all the necessary information.scr
                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                      2023-12-07 09:50:03 UTC87OUTGET /redcarsc HTTP/1.1
                                                                                                                      Host: t.me
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cache-Control: no-cache
                                                                                                                      2023-12-07 09:50:03 UTC512INData Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 30 37 20 44 65 63 20 32 30 32 33 20 30 39 3a 35 30 3a 30 33 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 32 33 35 39 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 73 74 65 6c 5f 73 73 69 64 3d 34 31 38 31 39 33 35 39 64 38 37 35 63 63 37 33 63 63 5f 31 30 34 39 33 31 34 33 33 31 34 36 35 37 36 36 31 38 34 34 3b 20 65 78 70 69 72 65 73 3d 46 72 69 2c 20 30 38 20 44 65 63 20 32 30 32 33 20 30 39 3a 35 30 3a 30 33 20
                                                                                                                      Data Ascii: HTTP/1.1 200 OKServer: nginx/1.18.0Date: Thu, 07 Dec 2023 09:50:03 GMTContent-Type: text/html; charset=utf-8Content-Length: 12359Connection: closeSet-Cookie: stel_ssid=41819359d875cc73cc_10493143314657661844; expires=Fri, 08 Dec 2023 09:50:03
                                                                                                                      2023-12-07 09:50:03 UTC12359INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 72 65 64 63 61 72 73 63 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65
                                                                                                                      Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @redcarsc</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.pare


                                                                                                                      Statistics

                                                                                                                      CPU Usage

                                                                                                                      Click to jump to process

                                                                                                                      Memory Usage

                                                                                                                      Click to jump to process

                                                                                                                      High Level Behavior Distribution

                                                                                                                      Click to dive into process behavior distribution

                                                                                                                      System Behavior

                                                                                                                      General

                                                                                                                      Target ID:0
                                                                                                                      Start time:10:49:52
                                                                                                                      Start date:07/12/2023
                                                                                                                      Path:C:\Users\user\Desktop\all the necessary information.scr
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Users\user\Desktop\all the necessary information.scr" /S
                                                                                                                      Imagebase:0x400000
                                                                                                                      File size:672'236'584 bytes
                                                                                                                      MD5 hash:DF5AC38D7BC0233A2775FE6A54DB880A
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:Borland Delphi
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000000.1331728696.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                      Reputation:low
                                                                                                                      Has exited:true

                                                                                                                      Disassembly

                                                                                                                      Reset < >

                                                                                                                        Execution Graph

                                                                                                                        Execution Coverage:2.1%
                                                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                                                        Signature Coverage:14%
                                                                                                                        Total number of Nodes:1244
                                                                                                                        Total number of Limit Nodes:161
                                                                                                                        execution_graph 75221 61e597a7 75222 61e597b4 75221->75222 75223 61e597c4 75221->75223 75262 61e1aec6 free realloc malloc 75222->75262 75237 61e15172 75223->75237 75226 61e59868 75231 61e59893 75226->75231 75247 61e29e56 75226->75247 75227 61e59863 75264 61e165ec 75227->75264 75228 61e59804 75228->75226 75228->75227 75232 61e5983d 75228->75232 75231->75227 75233 61e5aea6 75231->75233 75263 61e1a7b6 free realloc malloc 75232->75263 75269 61e69e8f 31 API calls 75233->75269 75234 61e5ae99 75238 61e15187 75237->75238 75239 61e1522e 75237->75239 75238->75239 75240 61e151bd 75238->75240 75241 61e0cb60 30 API calls 75238->75241 75239->75228 75270 61e0cb60 75240->75270 75241->75240 75243 61e151db 75243->75239 75244 61e0cb60 30 API calls 75243->75244 75245 61e15206 75244->75245 75245->75239 75246 61e0cb60 30 API calls 75245->75246 75246->75239 75248 61e29e63 75247->75248 75249 61e2a035 75247->75249 75248->75249 75685 61e1c4d7 75248->75685 75249->75231 75251 61e2a03b 75253 61e29a02 3 API calls 75251->75253 75252 61e29f15 75252->75249 75261 61e1eea7 free memmove realloc malloc 75252->75261 75253->75249 75254 61e2a05a 75694 61e1ad86 free realloc malloc 75254->75694 75255 61e29ebb 75255->75251 75255->75252 75255->75254 75256 61e2a037 75255->75256 75259 61e2a01b 75255->75259 75693 61e1eea7 free memmove realloc malloc 75255->75693 75256->75251 75256->75254 75260 61e29a02 3 API calls 75259->75260 75260->75249 75261->75252 75262->75223 75263->75227 75265 61e165fc 75264->75265 75268 61e165a3 75264->75268 75265->75234 75267 61e0aee0 free 75267->75268 75268->75264 75268->75267 75704 61e1658e 75268->75704 75269->75234 75271 61e0cca6 75270->75271 75272 61e0cb68 75270->75272 75271->75243 75273 61e0cb7b 75272->75273 75274 61e0cb60 30 API calls 75272->75274 75276 61e75f1f 75272->75276 75273->75243 75274->75272 75277 61e75fd0 75276->75277 75278 61e75f53 75276->75278 75277->75272 75278->75277 75279 61e75fa8 75278->75279 75322 61e1aaa4 75278->75322 75279->75277 75313 61e1af14 75279->75313 75282 61e0cb60 30 API calls 75308 61e75fe4 75282->75308 75284 61e761a9 75328 61e1a7b6 free realloc malloc 75284->75328 75285 61e76667 75285->75277 75337 61e1a7b6 free realloc malloc 75285->75337 75290 61e24fdf free realloc malloc 75307 61e762e8 75290->75307 75293 61e1ba4a 30 API calls 75293->75308 75295 61e1aaa4 free realloc malloc 75295->75308 75296 61e1a7b6 free realloc malloc 75296->75308 75299 61e1ad86 free realloc malloc 75299->75308 75300 61e767d1 75338 61e0aee0 75300->75338 75303 61e2086f free realloc malloc 75303->75307 75304 61e1cc77 free realloc malloc 75304->75307 75307->75277 75307->75285 75307->75290 75307->75303 75307->75304 75332 61e20759 free realloc malloc 75307->75332 75333 61e1ad86 free realloc malloc 75307->75333 75334 61e1a7b6 free realloc malloc 75307->75334 75335 61e27289 free realloc malloc 75307->75335 75336 61e24de7 free realloc malloc 75307->75336 75308->75277 75308->75282 75308->75284 75308->75293 75308->75295 75308->75296 75308->75299 75308->75300 75308->75307 75309 61e76150 75308->75309 75310 61e769f5 75308->75310 75311 61e593bd free realloc malloc strcmp GetSystemInfo 75308->75311 75318 61e75edb 75308->75318 75325 61e29a02 75308->75325 75330 61e6b5bb 30 API calls 75308->75330 75331 61e24a13 free realloc malloc 75308->75331 75343 61e1aec6 free realloc malloc 75308->75343 75329 61e1a7b6 free realloc malloc 75309->75329 75344 61e1a7b6 free realloc malloc 75310->75344 75311->75308 75314 61e1af54 75313->75314 75315 61e1af18 75313->75315 75314->75308 75317 61e1af33 75315->75317 75345 61e1aec6 free realloc malloc 75315->75345 75317->75308 75319 61e75ef1 75318->75319 75346 61e75c77 75319->75346 75321 61e75f17 75321->75308 75323 61e1a985 3 API calls 75322->75323 75324 61e1aab4 75323->75324 75324->75279 75659 61e1a755 75325->75659 75328->75277 75329->75277 75330->75308 75331->75308 75332->75307 75333->75307 75334->75307 75335->75307 75336->75307 75337->75277 75339 61e0aef0 75338->75339 75340 61e0ae85 75338->75340 75339->75277 75341 61e0ae03 free 75340->75341 75342 61e0adeb 75340->75342 75341->75342 75342->75277 75343->75308 75344->75277 75345->75317 75347 61e75ca7 75346->75347 75348 61e75c90 75346->75348 75380 61e757ae 75347->75380 75350 61e75da8 75348->75350 75355 61e75d3a 75348->75355 75356 61e75cb0 75348->75356 75384 61e23bfe 75348->75384 75351 61e75eb6 75350->75351 75352 61e75e90 75350->75352 75350->75356 75409 61e1a7b6 free realloc malloc 75351->75409 75408 61e1a7b6 free realloc malloc 75352->75408 75355->75350 75355->75356 75357 61e1aaa4 3 API calls 75355->75357 75356->75321 75358 61e75d7e 75357->75358 75358->75350 75400 61e1ad86 free realloc malloc 75358->75400 75360 61e75d93 75361 61e75dad 75360->75361 75362 61e75d99 75360->75362 75401 61e1ad86 free realloc malloc 75361->75401 75364 61e0aee0 free 75362->75364 75364->75350 75366 61e75ddd 75402 61e24945 free realloc malloc 75366->75402 75368 61e75de8 75403 61e24945 free realloc malloc 75368->75403 75370 61e75df3 75404 61e1ad86 free realloc malloc 75370->75404 75372 61e75dfd 75405 61e24945 free realloc malloc 75372->75405 75374 61e75e08 75406 61e29a18 free realloc malloc 75374->75406 75376 61e75e24 75376->75356 75407 61e1a7b6 free realloc malloc 75376->75407 75378 61e75e3f 75379 61e0aee0 free 75378->75379 75379->75356 75381 61e757c2 75380->75381 75383 61e757be 75380->75383 75410 61e7571b 75381->75410 75383->75348 75385 61e23c36 75384->75385 75386 61e23c13 75384->75386 75630 61e14718 75385->75630 75625 61e13da6 75386->75625 75388 61e23c79 75390 61e23c34 75388->75390 75392 61e23ca0 75388->75392 75393 61e23c85 75388->75393 75390->75355 75391 61e23c26 75391->75385 75394 61e23c2c 75391->75394 75644 61e0df09 free 75392->75644 75643 61e1a839 free realloc malloc 75393->75643 75629 61e1a839 free realloc malloc 75394->75629 75397 61e23c8d 75398 61e0aee0 free 75397->75398 75398->75390 75400->75360 75401->75366 75402->75368 75403->75370 75404->75372 75405->75374 75406->75376 75407->75378 75408->75356 75409->75356 75411 61e75751 75410->75411 75413 61e75744 75410->75413 75416 61e753be 75411->75416 75414 61e753be 30 API calls 75413->75414 75415 61e75768 75413->75415 75414->75413 75415->75383 75445 61e885c9 75416->75445 75418 61e75485 75418->75413 75419 61e7545e 75419->75418 75427 61e754da 75419->75427 75434 61e754d2 75419->75434 75464 61e4c7c5 75419->75464 75420 61e756df 75520 61e16f42 free 75420->75520 75424 61e754b4 75425 61e754c1 75424->75425 75424->75427 75513 61e1ae16 free realloc malloc 75425->75513 75430 61e7553c 75427->75430 75514 61e23a4e free realloc malloc 75427->75514 75428 61e755ad 75515 61e1ae16 free realloc malloc 75428->75515 75430->75428 75431 61e755c6 75430->75431 75433 61e29a02 3 API calls 75431->75433 75435 61e7560c 75433->75435 75434->75418 75434->75420 75519 61e1a839 free realloc malloc 75434->75519 75479 61e75015 75435->75479 75438 61e75647 75439 61e0aee0 free 75438->75439 75440 61e75667 75439->75440 75441 61e75675 75440->75441 75516 61e752d9 25 API calls 75440->75516 75444 61e755c1 75441->75444 75517 61e16f9b free 75441->75517 75444->75418 75444->75434 75518 61e52f4f 22 API calls 75444->75518 75446 61e885e9 75445->75446 75447 61e885fd 75445->75447 75448 61e885f2 75446->75448 75451 61e88607 75446->75451 75447->75419 75521 61e2ae36 free realloc malloc 75448->75521 75452 61e88640 75451->75452 75456 61e8860d 75451->75456 75455 61e88687 75452->75455 75522 61e2ae36 free realloc malloc 75452->75522 75454 61e886f3 75526 61e5655a 24 API calls 75454->75526 75455->75454 75458 61e886ec 75455->75458 75459 61e886f5 75455->75459 75456->75447 75527 61e2ae36 free realloc malloc 75456->75527 75523 61e1a839 free realloc malloc 75458->75523 75459->75454 75524 61e2d35e free realloc malloc 75459->75524 75462 61e88706 75525 61e2ae36 free realloc malloc 75462->75525 75475 61e4c7e7 75464->75475 75468 61e4c907 memcmp 75468->75475 75469 61e4ccf6 75470 61e4ccf1 75469->75470 75568 61e14bcf free realloc malloc 75469->75568 75470->75424 75471 61e4c95d memcmp 75471->75475 75472 61e4cc08 memcmp 75472->75475 75473 61e4c9d9 memcmp 75473->75475 75475->75468 75475->75469 75475->75470 75475->75471 75475->75472 75475->75473 75528 61e4b8a1 75475->75528 75550 61e032bd 75475->75550 75553 61eb24c5 10 API calls 75475->75553 75554 61e0c919 75475->75554 75558 61e15e54 75475->75558 75567 61e2a72e free realloc malloc 75475->75567 75569 61e2d258 75479->75569 75482 61e75036 75604 61e2c708 free realloc malloc 75482->75604 75483 61e75045 75575 61e0c05c 75483->75575 75486 61e751a8 75487 61e75266 75486->75487 75618 61e56534 24 API calls 75486->75618 75489 61e0aee0 free 75487->75489 75490 61e75272 75489->75490 75619 61e11243 75490->75619 75494 61e75040 75494->75438 75496 61e75290 75624 61e1ad86 free realloc malloc 75496->75624 75499 61e75299 75499->75494 75503 61e0c05c free 75499->75503 75502 61e0aee0 free 75504 61e75063 75502->75504 75503->75494 75504->75486 75504->75502 75505 61e751e3 75504->75505 75509 61e751a1 75504->75509 75512 61e885c9 24 API calls 75504->75512 75579 61e7485a 75504->75579 75605 61e1a985 75504->75605 75613 61e1f9e1 free 75504->75613 75614 61e11954 free 75504->75614 75617 61e56534 24 API calls 75504->75617 75616 61e56534 24 API calls 75505->75616 75508 61e751eb 75510 61e0c05c free 75508->75510 75615 61e1a839 free realloc malloc 75509->75615 75510->75486 75512->75504 75513->75434 75514->75430 75515->75444 75516->75441 75517->75444 75518->75434 75519->75420 75520->75418 75521->75447 75522->75455 75523->75454 75524->75462 75525->75454 75526->75447 75527->75447 75539 61e4b8b9 75528->75539 75540 61e4bc0c 75528->75540 75529 61e4bcbe 75529->75475 75530 61e13b24 free 75530->75529 75531 61e4bb3d 75531->75529 75531->75530 75532 61e3720a 15 API calls 75532->75540 75533 61e014e3 7 API calls 75534 61e4bb76 75533->75534 75534->75531 75535 61e4bb91 memcmp 75534->75535 75541 61e4bbaf 75535->75541 75536 61e4baf0 75536->75531 75537 61e4abf5 14 API calls 75536->75537 75549 61e4b9c4 75536->75549 75537->75549 75538 61e4b8df 75538->75531 75538->75536 75542 61e0161e 10 API calls 75538->75542 75538->75549 75539->75531 75539->75538 75543 61e0161e 10 API calls 75539->75543 75547 61e4b976 75539->75547 75539->75549 75540->75531 75540->75532 75541->75540 75544 61eb24c5 10 API calls 75541->75544 75545 61e4bada 75542->75545 75543->75547 75544->75540 75545->75536 75548 61e2a6f9 free realloc malloc 75545->75548 75546 61e014e3 7 API calls 75546->75538 75547->75538 75547->75546 75547->75549 75548->75536 75549->75531 75549->75533 75549->75541 75551 61e02a84 14 API calls 75550->75551 75552 61e032dd 75551->75552 75552->75475 75553->75475 75555 61e0c930 75554->75555 75556 61e0c91f 75554->75556 75555->75475 75557 61e0c3f2 free 75556->75557 75557->75555 75561 61e15e6b 75558->75561 75559 61e15f21 75559->75475 75560 61e15ada free realloc malloc 75562 61e15ec9 75560->75562 75561->75559 75561->75560 75563 61e15ecf 75561->75563 75562->75563 75564 61e15f14 75562->75564 75565 61e0c3f2 free 75563->75565 75566 61e0c3f2 free 75564->75566 75565->75559 75566->75559 75567->75475 75568->75470 75570 61e2d26c 75569->75570 75574 61e2d262 75569->75574 75571 61e2d29e 75570->75571 75572 61e2d217 free realloc malloc 75570->75572 75571->75482 75571->75483 75572->75574 75573 61e2a4ce free realloc malloc 75573->75571 75574->75571 75574->75573 75576 61e0c035 75575->75576 75577 61e0b2d1 free 75576->75577 75578 61e0bff0 75576->75578 75577->75578 75578->75504 75584 61e74877 75579->75584 75580 61e6baa5 23 API calls 75580->75584 75581 61e59035 24 API calls 75581->75584 75582 61e115e3 free 75582->75584 75583 61e1e840 free memmove realloc malloc 75583->75584 75584->75580 75584->75581 75584->75582 75584->75583 75585 61e1a839 free realloc malloc 75584->75585 75586 61e2036b free realloc malloc 75584->75586 75587 61e74e5f 75584->75587 75588 61e12ff1 free 75584->75588 75589 61e11243 free 75584->75589 75591 61e74e6b 75584->75591 75592 61e56534 24 API calls 75584->75592 75593 61e29958 free realloc malloc 75584->75593 75594 61e241d7 free strcmp realloc malloc 75584->75594 75598 61e0b312 free 75584->75598 75601 61e74c52 75584->75601 75602 61e0b2d1 free 75584->75602 75603 61e1e595 free memmove realloc malloc 75584->75603 75585->75584 75586->75584 75590 61e1a839 free realloc malloc 75587->75590 75588->75584 75589->75584 75590->75591 75595 61e0aee0 free 75591->75595 75592->75584 75593->75584 75594->75584 75596 61e74f4e 75595->75596 75597 61e1ad86 free realloc malloc 75596->75597 75596->75601 75599 61e74f61 75597->75599 75598->75584 75600 61e11243 free 75599->75600 75600->75601 75601->75504 75602->75584 75603->75584 75604->75494 75606 61e1a992 75605->75606 75607 61e1a8b5 75605->75607 75608 61e1a908 75607->75608 75609 61e13da6 free realloc malloc 75607->75609 75608->75504 75610 61e1a8c5 75609->75610 75611 61e1a8d2 75610->75611 75612 61e1a839 free realloc malloc 75610->75612 75611->75504 75612->75611 75613->75504 75614->75504 75615->75486 75616->75508 75617->75504 75618->75487 75620 61e11206 75619->75620 75621 61e11231 75620->75621 75622 61e0c05c free 75620->75622 75621->75494 75623 61e2d35e free realloc malloc 75621->75623 75622->75621 75623->75496 75624->75499 75626 61e13e8a 75625->75626 75627 61e13dc2 75625->75627 75626->75391 75627->75626 75645 61e2a6af malloc 75627->75645 75629->75390 75631 61e14730 75630->75631 75632 61e14799 75631->75632 75634 61e1473a 75631->75634 75633 61e13da6 3 API calls 75632->75633 75642 61e14786 75632->75642 75637 61e147ad 75633->75637 75634->75642 75650 61e0ae03 75634->75650 75639 61e13da6 3 API calls 75637->75639 75637->75642 75640 61e14812 75639->75640 75641 61e0ae03 free 75640->75641 75640->75642 75641->75642 75642->75388 75643->75397 75644->75390 75646 61e2a6d5 75645->75646 75647 61e2a6c8 75645->75647 75649 61e2a4ce free realloc malloc 75646->75649 75647->75626 75649->75647 75651 61e0ae55 75650->75651 75652 61e0ae11 75650->75652 75651->75642 75654 61e0b519 75651->75654 75652->75651 75653 61e0ae2e free 75652->75653 75653->75651 75655 61e0ae03 free 75654->75655 75658 61e0b539 75655->75658 75656 61e0b558 75656->75642 75657 61e0ae03 free 75657->75658 75658->75656 75658->75657 75666 61e19208 75659->75666 75663 61e1a79e 75664 61e1a7ad 75663->75664 75682 61e1a839 free realloc malloc 75663->75682 75664->75308 75672 61e19220 75666->75672 75667 61e192b1 75675 61e1aa4a 75667->75675 75668 61e19296 75683 61e1d373 free realloc malloc 75668->75683 75670 61e1d3a8 free realloc malloc 75670->75672 75671 61e1a99c free realloc malloc 75671->75672 75672->75667 75672->75668 75672->75670 75672->75671 75673 61e1d54e free realloc malloc 75672->75673 75674 61e0aee0 free 75672->75674 75673->75672 75674->75672 75676 61e1aa6a 75675->75676 75677 61e1a9fb 75675->75677 75676->75663 75677->75676 75678 61e1a985 3 API calls 75677->75678 75679 61e1aa15 75678->75679 75680 61e1aa1c 75679->75680 75684 61e0af32 free 75679->75684 75680->75663 75682->75664 75683->75667 75684->75680 75686 61e1c50f 75685->75686 75687 61e1c4f2 75685->75687 75695 61e1a8d8 75686->75695 75702 61e115e3 free 75687->75702 75690 61e1c52b 75690->75255 75691 61e1c500 75692 61e0aee0 free 75691->75692 75692->75686 75693->75255 75694->75249 75696 61e1a8b5 75695->75696 75697 61e1a908 75696->75697 75698 61e13da6 3 API calls 75696->75698 75697->75690 75699 61e1a8c5 75698->75699 75700 61e1a8d2 75699->75700 75703 61e1a839 free realloc malloc 75699->75703 75700->75690 75702->75691 75703->75700 75705 61e165a1 75704->75705 75706 61e164fb 75704->75706 75705->75268 75708 61e16531 75706->75708 75715 61e16546 75706->75715 75718 61e164fb free 75706->75718 75707 61e16572 75707->75268 75711 61e16541 75708->75711 75712 61e16548 75708->75712 75709 61e0aee0 free 75709->75707 75719 61e16404 free 75711->75719 75714 61e165ec free 75712->75714 75716 61e1654d 75714->75716 75715->75707 75715->75709 75716->75715 75720 61e1677f free 75716->75720 75718->75708 75719->75715 75720->75715 75721 61e16b04 75723 61e16b14 75721->75723 75722 61e16b4e 75724 61e16bcb 75722->75724 75742 61e16b55 75722->75742 75723->75722 75727 61e14718 3 API calls 75723->75727 75748 61e16889 75723->75748 75725 61e16c1e 75724->75725 75733 61e16bcf 75724->75733 75767 61e16404 free 75725->75767 75727->75723 75729 61e16c1c 75759 61e165fe 75729->75759 75732 61e0aee0 free 75735 61e16c44 75732->75735 75733->75729 75734 61e16c0d 75733->75734 75739 61e0aee0 free 75733->75739 75736 61e0aee0 free 75734->75736 75737 61e0aee0 free 75735->75737 75736->75729 75741 61e16c53 75737->75741 75738 61e14718 3 API calls 75738->75742 75739->75733 75740 61e16aa0 free 75740->75742 75743 61e165ec free 75741->75743 75742->75729 75742->75738 75742->75740 75744 61e0aee0 free 75742->75744 75745 61e16c62 75743->75745 75744->75742 75746 61e0aee0 free 75745->75746 75747 61e16c6e 75746->75747 75749 61e1658e free 75748->75749 75750 61e168a4 75749->75750 75751 61e165ec free 75750->75751 75752 61e168b3 75751->75752 75753 61e0aee0 free 75752->75753 75754 61e168c2 75753->75754 75755 61e168d7 75754->75755 75756 61e0aee0 free 75754->75756 75757 61e0aee0 free 75755->75757 75756->75755 75758 61e168e3 75757->75758 75758->75723 75760 61e16609 75759->75760 75765 61e16661 75759->75765 75761 61e1663d 75760->75761 75762 61e0aee0 free 75760->75762 75763 61e0aee0 free 75761->75763 75762->75760 75764 61e1664c 75763->75764 75764->75765 75766 61e165ec free 75764->75766 75765->75732 75766->75765 75767->75729 75768 2a2263c5 75769 2a2263d6 75768->75769 75773 2a226452 75768->75773 75770 2a2263e6 CreateFileW 75769->75770 75771 2a226411 75770->75771 75772 2a226428 FindCloseChangeNotification 75771->75772 75772->75773 75774 61e7efee 75777 61e89bfd 75774->75777 75778 61e89c27 75777->75778 75790 61e89c44 75777->75790 75779 61e89c49 75778->75779 75780 61e89c2e 75778->75780 75782 61e89c53 75779->75782 75793 61e89c7f 75779->75793 75895 61e1a7b6 free realloc malloc 75780->75895 75896 61e25258 free realloc malloc 75782->75896 75784 61e89d9c 75785 61e89da2 75784->75785 75786 61e89db4 75784->75786 75903 61e1a7b6 free realloc malloc 75785->75903 75795 61e88fca 75786->75795 75787 61e89c70 75787->75784 75792 61e89d49 75787->75792 75898 61e253a9 75792->75898 75793->75787 75897 61e25258 free realloc malloc 75793->75897 75796 61e89005 75795->75796 75846 61e891aa 75795->75846 75797 61e757ae 30 API calls 75796->75797 75796->75846 75799 61e89027 75797->75799 75798 61e1658e free 75800 61e89baa 75798->75800 75802 61e253a9 3 API calls 75799->75802 75799->75846 75801 61e165ec free 75800->75801 75803 61e89bbc 75801->75803 75804 61e8903a 75802->75804 75956 61e16c9d free 75803->75956 75813 61e890d9 75804->75813 75804->75846 75917 61e248d8 75804->75917 75806 61e89bc7 75807 61e0aee0 free 75806->75807 75809 61e89bd9 75807->75809 75809->75790 75811 61e89080 75927 61e0d049 30 API calls 75811->75927 75815 61e891af 75813->75815 75820 61e890fb 75813->75820 75813->75846 75817 61e891b9 75815->75817 75818 61e891df 75815->75818 75816 61e890c9 75819 61e75edb 30 API calls 75816->75819 75929 61e1a7b6 free realloc malloc 75817->75929 75822 61e891ff 75818->75822 75823 61e892c1 75818->75823 75819->75813 75928 61e1a7b6 free realloc malloc 75820->75928 75930 61e1b666 75822->75930 75827 61e29a02 3 API calls 75823->75827 75826 61e89206 75826->75846 75934 61e29795 free strrchr realloc malloc 75826->75934 75830 61e892f1 75827->75830 75829 61e8931a 75831 61e893ea 75829->75831 75837 61e89324 75829->75837 75829->75846 75830->75829 75830->75846 75937 61e247a0 free realloc malloc 75830->75937 75842 61e893d2 75831->75842 75939 61e1a7b6 free realloc malloc 75831->75939 75833 61e89229 75833->75830 75836 61e8925b 75833->75836 75838 61e89284 75833->75838 75833->75846 75834 61e89354 75834->75846 75938 61e247a0 free realloc malloc 75834->75938 75935 61e1a7b6 free realloc malloc 75836->75935 75904 61e1cb7a 75837->75904 75838->75836 75841 61e892a9 75838->75841 75936 61e22f50 free realloc malloc 75841->75936 75842->75846 75914 61e1ab7b 75842->75914 75843 61e893c8 75908 61e1cb72 75843->75908 75846->75798 75850 61e16889 free 75850->75846 75852 61e8952e 75854 61e895f4 75852->75854 75857 61e89604 75852->75857 75865 61e8970a 75852->75865 75941 61e24d02 free realloc malloc 75852->75941 75943 61e278ee free memmove realloc malloc 75852->75943 75942 61e1a7b6 free realloc malloc 75854->75942 75855 61e89810 75855->75857 75858 61e8995e 75855->75858 75864 61e89904 75855->75864 75857->75846 75857->75850 75858->75857 75946 61e22a48 free realloc malloc 75858->75946 75859 61e8990a 75861 61e14718 3 API calls 75859->75861 75863 61e89919 75861->75863 75862 61e89985 75862->75857 75947 61e55111 19 API calls 75862->75947 75863->75857 75945 61e1a839 free realloc malloc 75863->75945 75864->75859 75869 61e89b25 75864->75869 75865->75855 75872 61e89863 75865->75872 75954 61e1a7b6 free realloc malloc 75869->75954 75870 61e899a2 75948 61e22399 free realloc malloc 75870->75948 75872->75857 75944 61e1a7b6 free realloc malloc 75872->75944 75874 61e89b38 75955 61e2a72e free realloc malloc 75874->75955 75875 61e899af 75949 61e222b9 free realloc malloc 75875->75949 75879 61e899cd 75880 61e89a2e 75879->75880 75882 61e29a02 3 API calls 75879->75882 75950 61e887af free realloc malloc 75880->75950 75882->75880 75883 61e89a6d 75884 61e0aee0 free 75883->75884 75885 61e89a7c 75884->75885 75885->75857 75951 61eb2e5a 30 API calls 75885->75951 75887 61e89a8e 75952 61e22f99 free realloc malloc 75887->75952 75889 61e89a99 75890 61e29a02 3 API calls 75889->75890 75891 61e89ab2 75890->75891 75953 61e22504 free realloc malloc 75891->75953 75895->75790 75896->75787 75897->75793 75899 61e25402 75898->75899 75901 61e253ad 75898->75901 75899->75790 75900 61e253f4 75900->75790 75901->75900 75964 61e1a7b6 free realloc malloc 75901->75964 75903->75790 75905 61e1cb96 75904->75905 75906 61e1a8d8 3 API calls 75905->75906 75907 61e1cbd4 75906->75907 75907->75843 75909 61e1cb1f 75908->75909 75910 61e1a8d8 3 API calls 75909->75910 75911 61e1cb37 75910->75911 75912 61e1cb47 75911->75912 75913 61e1658e free 75911->75913 75912->75842 75913->75912 75915 61e1aaa4 3 API calls 75914->75915 75916 61e1abaf 75915->75916 75916->75852 75916->75857 75940 61e24d02 free realloc malloc 75916->75940 75918 61e248e9 75917->75918 75923 61e24906 75917->75923 75919 61e248f6 75918->75919 75920 61e24908 75918->75920 75957 61e1a7b6 free realloc malloc 75919->75957 75958 61e1b697 free realloc malloc 75920->75958 75923->75811 75923->75846 75926 61e76f71 30 API calls 75923->75926 75924 61e24914 75924->75923 75959 61e1a7b6 free realloc malloc 75924->75959 75926->75811 75927->75816 75928->75846 75929->75846 75931 61e1b673 75930->75931 75932 61e1b688 75930->75932 75960 61e1b434 75931->75960 75932->75826 75934->75833 75935->75846 75936->75846 75937->75834 75938->75829 75939->75842 75940->75852 75941->75852 75942->75857 75943->75852 75944->75857 75945->75857 75946->75862 75947->75870 75948->75875 75949->75879 75950->75883 75951->75887 75952->75889 75954->75874 75955->75857 75956->75806 75957->75923 75958->75924 75959->75923 75961 61e1b447 75960->75961 75962 61e1b458 75960->75962 75963 61e1a8d8 3 API calls 75961->75963 75962->75932 75963->75962 75964->75900 75965 61e84e02 75966 61e84e37 75965->75966 75967 61e84dda 75965->75967 75968 61e11243 free 75966->75968 75967->75965 75967->75966 75971 61e16f42 free 75967->75971 75970 61e84e47 75968->75970 75971->75967 75972 61e2b80f 75973 61e2b816 75972->75973 75974 61e2b846 75973->75974 75976 61e2b771 75973->75976 75977 61e2b779 75976->75977 75980 61e2b6b7 75977->75980 75979 61e2b7cb 75979->75973 75981 61e2b6db 75980->75981 75982 61e2b6cd 75980->75982 75988 61e02a84 75981->75988 75991 61e2a72e free realloc malloc 75982->75991 75985 61e2b6d7 75985->75979 75987 61e2b6f0 75987->75985 75992 61e2a72e free realloc malloc 75987->75992 75993 61e4b216 75988->75993 75989 61e02aa3 75989->75987 75991->75985 75992->75985 75994 61e4b235 75993->75994 76010 61e15baf 75994->76010 75995 61e4b33c 75996 61e4b31f 75995->75996 76034 61e4b1d2 14 API calls 75995->76034 75996->75989 75997 61e4b332 76031 61e2a72e free realloc malloc 75997->76031 75998 61e4b343 76001 61e4b359 75998->76001 76003 61e4b398 75998->76003 76001->75995 76005 61e4b361 76001->76005 76002 61e4b266 76002->75995 76002->75996 76002->75997 76002->75998 76022 61e2c4e6 76003->76022 76005->75996 76006 61e4b379 76005->76006 76032 61e14f21 free realloc malloc 76005->76032 76033 61e1506d free realloc malloc 76006->76033 76011 61e15bc5 76010->76011 76013 61e15bd4 76011->76013 76015 61e15be1 76011->76015 76035 61e14d07 free realloc malloc 76011->76035 76020 61e15c3b 76013->76020 76036 61e0c497 free 76013->76036 76015->76002 76016 61e15ce4 76016->76015 76038 61e15ada 76016->76038 76018 61e15c22 76018->76015 76037 61e0c497 free 76018->76037 76020->76015 76020->76016 76021 61e13da6 3 API calls 76020->76021 76021->76016 76023 61e2c573 76022->76023 76024 61e2c505 76022->76024 76045 61e2c406 free realloc malloc 76023->76045 76026 61e2c586 76024->76026 76027 61e2c50f 76024->76027 76030 61e2c571 76024->76030 76042 61e014e3 76026->76042 76029 61e014e3 7 API calls 76027->76029 76029->76030 76030->75995 76031->75995 76032->76006 76033->75996 76035->76013 76036->76018 76037->76020 76040 61e15aed 76038->76040 76039 61e13da6 3 API calls 76041 61e15af5 76039->76041 76040->76039 76040->76041 76041->76015 76046 61e33f01 76042->76046 76045->76024 76050 61e33f2b 76046->76050 76047 61e33f95 ReadFile 76048 61e33fbe 76047->76048 76047->76050 76054 61e2a570 free realloc malloc 76048->76054 76050->76047 76050->76048 76051 61e0150a 76050->76051 76052 61e33ff1 76050->76052 76051->76030 76055 61e3381e 6 API calls 76052->76055 76054->76051 76055->76051 76056 61e25aac 76057 61e25ac3 76056->76057 76058 61e25b01 76056->76058 76059 61e1a8d8 3 API calls 76057->76059 76072 61e25915 free realloc malloc 76058->76072 76066 61e25ad1 76059->76066 76061 61e25b12 76063 61e25b18 76061->76063 76061->76066 76062 61e25b22 76073 61e16c9d free 76063->76073 76065 61e25b58 76067 61e1b666 3 API calls 76065->76067 76066->76062 76066->76065 76068 61e25b36 76066->76068 76067->76062 76069 61e1b666 3 API calls 76068->76069 76070 61e25b45 76069->76070 76071 61e1b666 3 API calls 76070->76071 76071->76062 76072->76061 76073->76062 76074 61e757e8 76075 61e75835 76074->76075 76076 61e75803 76074->76076 76077 61e248d8 3 API calls 76075->76077 76076->76075 76078 61e7580c 76076->76078 76082 61e75847 76077->76082 76143 61e1ad86 free realloc malloc 76078->76143 76080 61e7582b 76142 61e75871 76080->76142 76146 61e29795 free strrchr realloc malloc 76080->76146 76081 61e75876 76083 61e1b666 3 API calls 76081->76083 76082->76081 76085 61e75861 76082->76085 76082->76142 76086 61e75887 76083->76086 76144 61e1a7b6 free realloc malloc 76085->76144 76086->76080 76145 61e1ac79 free realloc malloc 76086->76145 76087 61e758d7 76099 61e759dd 76087->76099 76147 61e247a0 free realloc malloc 76087->76147 76091 61e0aee0 free 76091->76142 76092 61e75932 76093 61e75940 76092->76093 76092->76099 76148 61e247a0 free realloc malloc 76092->76148 76094 61e75949 76093->76094 76096 61e757ae 30 API calls 76093->76096 76093->76099 76097 61e1aaa4 3 API calls 76094->76097 76101 61e75993 76096->76101 76098 61e75a2f 76097->76098 76098->76099 76100 61e75a42 76098->76100 76099->76091 76100->76142 76152 61e22a48 free realloc malloc 76100->76152 76101->76099 76102 61e759ab 76101->76102 76103 61e759f8 76101->76103 76105 61e759e2 76102->76105 76106 61e759b1 76102->76106 76103->76094 76110 61e75a08 76103->76110 76150 61e22f50 free realloc malloc 76105->76150 76149 61e1a7b6 free realloc malloc 76106->76149 76107 61e75a7e 76107->76142 76153 61e55111 19 API calls 76107->76153 76151 61e1a7b6 free realloc malloc 76110->76151 76113 61e75a97 76114 61e75aa9 76113->76114 76154 61e22399 free realloc malloc 76113->76154 76155 61e222b9 free realloc malloc 76114->76155 76117 61e75ae1 76156 61e22355 free realloc malloc 76117->76156 76119 61e75afa 76157 61e222b9 free realloc malloc 76119->76157 76121 61e75b26 76158 61e222b9 free realloc malloc 76121->76158 76123 61e75b44 76124 61e75b56 76123->76124 76125 61e75b6c 76123->76125 76159 61e22a28 free realloc malloc 76124->76159 76160 61e222b9 free realloc malloc 76125->76160 76128 61e75b6a 76161 61e22a48 free realloc malloc 76128->76161 76130 61e75b96 76162 61e23816 free realloc malloc 76130->76162 76132 61e75bb6 76163 61e223b7 free realloc malloc 76132->76163 76134 61e75bda 76164 61e22a28 free realloc malloc 76134->76164 76136 61e75bfb 76165 61e223f2 free realloc malloc 76136->76165 76138 61e75c2a 76166 61e222b9 free realloc malloc 76138->76166 76140 61e75c45 76167 61e22399 free realloc malloc 76140->76167 76143->76080 76144->76142 76145->76080 76146->76087 76147->76092 76148->76093 76149->76099 76150->76099 76151->76099 76152->76107 76153->76113 76154->76114 76155->76117 76156->76119 76157->76121 76158->76123 76159->76128 76160->76128 76161->76130 76162->76132 76163->76134 76164->76136 76165->76138 76166->76140 76167->76142 76168 61e84a87 76169 61e84a9e 76168->76169 76175 61e84b2e 76168->76175 76184 61e2a0e4 free memmove realloc malloc 76169->76184 76171 61e84ac1 76172 61e11243 free 76171->76172 76173 61e84acd 76172->76173 76174 61e84d5a 76173->76174 76173->76175 76188 61e16690 free 76174->76188 76177 61e1b434 3 API calls 76175->76177 76180 61e84b97 76175->76180 76177->76180 76178 61e84d65 76179 61e4c7c5 25 API calls 76179->76180 76180->76179 76185 61e1a839 free realloc malloc 76180->76185 76186 61e16f42 free 76180->76186 76187 61e52f4f 22 API calls 76180->76187 76184->76171 76185->76180 76186->76180 76187->76180 76188->76178 76189 61e2cb72 76190 61e2cb91 76189->76190 76191 61e13da6 3 API calls 76190->76191 76194 61e2cbc3 76190->76194 76192 61e2cba6 76191->76192 76192->76194 76195 61e2cbaf 76192->76195 76202 61e2c904 76194->76202 76217 61e1a839 free realloc malloc 76195->76217 76196 61e2cbb6 76198 61e11243 free 76196->76198 76199 61e2cc37 76198->76199 76201 61e0ae03 free 76201->76196 76203 61e2c93b 76202->76203 76204 61e2c9ba 76203->76204 76206 61e2c904 4 API calls 76203->76206 76208 61e2ca7f 76204->76208 76218 61e23a7b 76204->76218 76207 61e2ca25 76206->76207 76207->76208 76209 61e2c904 4 API calls 76207->76209 76208->76196 76208->76201 76209->76204 76210 61e23a7b 3 API calls 76212 61e2cb13 76210->76212 76212->76208 76229 61e0e65e 76212->76229 76213 61e2cae2 76213->76208 76213->76210 76214 61e2cac0 76228 61e2a0e4 free memmove realloc malloc 76214->76228 76217->76196 76221 61e23aaa 76218->76221 76219 61e23bdb 76219->76213 76219->76214 76220 61e1aaa4 3 API calls 76222 61e23b7d 76220->76222 76221->76219 76221->76220 76222->76219 76223 61e14718 3 API calls 76222->76223 76224 61e23bc0 76223->76224 76224->76219 76225 61e0aee0 free 76224->76225 76226 61e23bd3 76225->76226 76233 61e1a839 free realloc malloc 76226->76233 76228->76208 76230 61e0e662 76229->76230 76231 61e0e68e 76229->76231 76230->76231 76232 61e0aee0 free 76230->76232 76231->76208 76232->76231 76233->76219 76234 61ead81a 76245 61e3502f 76234->76245 76236 61ead834 76244 61ead8af 76236->76244 76262 61e1aacc free realloc malloc 76236->76262 76238 61ead849 76263 61e1e80b free memmove realloc malloc 76238->76263 76240 61ead869 76241 61ead88c 76240->76241 76264 61ead2ac 76240->76264 76325 61e0b4b2 76241->76325 76246 61e35038 76245->76246 76247 61e35040 76245->76247 76246->76236 76249 61e350a0 76247->76249 76261 61e350f5 76247->76261 76341 61e34e2e free realloc malloc 76247->76341 76250 61e351e0 76249->76250 76249->76261 76342 61e34e2e free realloc malloc 76249->76342 76250->76261 76329 61e35921 76250->76329 76254 61e0ae03 free 76255 61e35243 76254->76255 76332 61e354d1 GetSystemInfo 76255->76332 76257 61e35248 76257->76261 76343 61e353d4 free realloc malloc strcmp GetSystemInfo 76257->76343 76259 61e35263 76259->76261 76344 61e3546e 76259->76344 76261->76236 76262->76238 76263->76240 76265 61e3502f 5 API calls 76264->76265 76266 61ead2d7 76265->76266 76276 61ead7a4 76266->76276 76347 61e148b6 76266->76347 76268 61ead35e 76270 61e2d2eb 3 API calls 76268->76270 76269 61ead363 76350 61e2cfc1 76269->76350 76270->76276 76271 61ead337 76271->76268 76271->76269 76272 61ead356 76271->76272 76274 61e0ae03 free 76272->76274 76274->76268 76276->76241 76277 61e2cfc1 4 API calls 76278 61ead49b 76277->76278 76279 61e2cfc1 4 API calls 76278->76279 76280 61ead4c3 76279->76280 76281 61e2cfc1 4 API calls 76280->76281 76282 61ead4eb 76281->76282 76283 61e2cfc1 4 API calls 76282->76283 76284 61ead513 76283->76284 76284->76268 76285 61ead53c 76284->76285 76286 61ead530 76284->76286 76451 61e44905 11 API calls 76285->76451 76450 61e2c708 free realloc malloc 76286->76450 76289 61ead53a 76290 61ead5a3 76289->76290 76291 61ead561 76289->76291 76361 61e541a0 76290->76361 76293 61ead56d 76291->76293 76452 61e1a839 free realloc malloc 76291->76452 76453 61e2a0e4 free memmove realloc malloc 76293->76453 76294 61ead5ca 76297 61ead5e9 76294->76297 76298 61ead5ce 76294->76298 76426 61e240f1 76297->76426 76300 61e0c05c free 76298->76300 76299 61ead593 76301 61e0ae03 free 76299->76301 76300->76268 76301->76268 76304 61ead61b 76306 61e240f1 3 API calls 76304->76306 76307 61ead632 76306->76307 76307->76268 76308 61e0c05c free 76307->76308 76309 61ead667 76308->76309 76434 61e4681d 76309->76434 76311 61ead67f 76312 61ead68b 76311->76312 76455 61e1a839 free realloc malloc 76311->76455 76440 61e2d2eb 76312->76440 76316 61ead768 76317 61e0c05c free 76316->76317 76319 61ead6c6 76317->76319 76318 61ead6be 76320 61e2d2eb 3 API calls 76318->76320 76319->76268 76444 61e143f1 76319->76444 76320->76319 76322 61e0ae03 free 76323 61ead6b3 76322->76323 76323->76318 76323->76322 76456 61e2a0e4 free memmove realloc malloc 76323->76456 76326 61e0b4b6 76325->76326 76328 61e0b4c2 76325->76328 76592 61e0b3e4 free 76326->76592 76328->76244 76330 61e3502f 5 API calls 76329->76330 76331 61e351fb 76330->76331 76331->76254 76331->76261 76333 61e3546e 4 API calls 76332->76333 76334 61e35506 76333->76334 76335 61e3546e 4 API calls 76334->76335 76336 61e3551a 76335->76336 76337 61e3546e 4 API calls 76336->76337 76338 61e3552e 76337->76338 76339 61e3546e 4 API calls 76338->76339 76340 61e35542 76339->76340 76340->76257 76341->76249 76342->76250 76343->76259 76345 61e3502f 5 API calls 76344->76345 76346 61e3547e 76345->76346 76346->76261 76348 61e13da6 3 API calls 76347->76348 76349 61e148c2 76348->76349 76349->76271 76351 61e2cff8 76350->76351 76457 61e23a1f 76351->76457 76353 61e2d021 76355 61e2d085 76353->76355 76360 61e2d027 76353->76360 76354 61e23a1f 3 API calls 76356 61e2d03a 76354->76356 76462 61e2a0e4 free memmove realloc malloc 76355->76462 76358 61e2d06f 76356->76358 76359 61e0c05c free 76356->76359 76358->76277 76359->76358 76360->76354 76362 61e541c2 strcmp 76361->76362 76363 61e541ec 76361->76363 76362->76363 76392 61e5451e 76362->76392 76364 61e148b6 3 API calls 76363->76364 76363->76392 76373 61e5424c 76364->76373 76365 61e148b6 3 API calls 76366 61e54712 76365->76366 76367 61e54733 76366->76367 76368 61e54718 76366->76368 76371 61e0aee0 free 76367->76371 76375 61e54819 76367->76375 76369 61e0aee0 free 76368->76369 76397 61e5472e 76369->76397 76370 61e148b6 3 API calls 76381 61e544a7 76370->76381 76371->76375 76372 61e54c38 76378 61e15e54 3 API calls 76372->76378 76376 61e13da6 3 API calls 76373->76376 76418 61e54482 76373->76418 76423 61e542fd 76373->76423 76374 61e54b11 76382 61e0ae03 free 76374->76382 76375->76372 76375->76397 76464 61e0161e 76375->76464 76379 61e542df 76376->76379 76393 61e548a2 76378->76393 76383 61e542f5 76379->76383 76384 61e54307 76379->76384 76381->76374 76385 61e54515 76381->76385 76387 61e54542 76381->76387 76381->76392 76386 61e54b24 76382->76386 76388 61e0ae03 free 76383->76388 76398 61e5434a 76384->76398 76410 61e54310 76384->76410 76467 61e1ad86 free realloc malloc 76385->76467 76390 61e0ae03 free 76386->76390 76391 61e13da6 3 API calls 76387->76391 76387->76392 76388->76423 76390->76423 76412 61e5457d 76391->76412 76392->76365 76392->76397 76406 61e54680 76393->76406 76469 61e0c3f2 76393->76469 76394 61e54878 76394->76393 76473 61e09b35 76394->76473 76397->76374 76397->76423 76476 61e540ae 76397->76476 76402 61e0ae03 free 76398->76402 76399 61e548b5 76400 61e0ae03 free 76399->76400 76400->76406 76401 61e54c2d 76401->76372 76404 61e09b35 strcmp 76401->76404 76403 61e54352 76402->76403 76405 61e0ae03 free 76403->76405 76404->76372 76405->76423 76406->76397 76407 61e014e3 7 API calls 76406->76407 76415 61e54921 76406->76415 76407->76415 76408 61e54450 76414 61e0ae03 free 76408->76414 76409 61e543af strcmp 76409->76410 76410->76408 76410->76409 76420 61e543df 76410->76420 76411 61e5466a 76413 61e0aee0 free 76411->76413 76412->76392 76412->76397 76412->76411 76468 61e2a6f9 free realloc malloc 76412->76468 76413->76406 76414->76418 76415->76397 76416 61e15e54 3 API calls 76415->76416 76416->76397 76418->76370 76418->76423 76419 61e54658 76419->76392 76419->76411 76420->76408 76421 61e54414 76420->76421 76422 61e0ae03 free 76421->76422 76424 61e54432 76422->76424 76423->76294 76425 61e0ae03 free 76424->76425 76425->76423 76427 61e24136 76426->76427 76429 61e24100 76426->76429 76428 61e1aaa4 3 API calls 76427->76428 76430 61e24120 76428->76430 76429->76430 76432 61e1aaa4 3 API calls 76429->76432 76431 61e24151 76430->76431 76584 61e1a839 free realloc malloc 76430->76584 76431->76304 76454 61e23a4e free realloc malloc 76431->76454 76432->76430 76435 61e4683a 76434->76435 76436 61e23a7b 3 API calls 76435->76436 76438 61e46854 76436->76438 76437 61e46873 76437->76311 76438->76437 76585 61e42ea8 free realloc malloc strcmp GetSystemInfo 76438->76585 76441 61e2d2fe 76440->76441 76443 61e2d2f7 76440->76443 76586 61e2d217 76441->76586 76443->76316 76443->76323 76445 61e1440b 76444->76445 76446 61e0ae03 free 76445->76446 76447 61e1442a 76445->76447 76449 61e1446d 76445->76449 76446->76447 76448 61e13da6 3 API calls 76447->76448 76447->76449 76448->76449 76449->76268 76450->76289 76451->76289 76452->76293 76453->76299 76454->76304 76455->76312 76456->76323 76458 61e23a23 76457->76458 76459 61e23a46 76457->76459 76463 61e23987 free realloc malloc 76458->76463 76459->76353 76461 61e23a36 76461->76353 76462->76358 76463->76461 76493 61e4928d 76464->76493 76467->76392 76468->76419 76470 61e0c414 76469->76470 76471 61e0c3fa 76469->76471 76470->76399 76471->76470 76472 61e0ae03 free 76471->76472 76472->76470 76545 61e09ada 76473->76545 76475 61e09b4d 76475->76401 76477 61e540c9 76476->76477 76478 61e0ae03 free 76477->76478 76479 61e540e2 76477->76479 76478->76477 76549 61e53f93 76479->76549 76481 61e54120 76482 61e54137 76481->76482 76485 61e54140 76481->76485 76571 61e13b24 free 76482->76571 76572 61e4b1d2 14 API calls 76485->76572 76486 61e5413e 76487 61e0c3f2 free 76486->76487 76488 61e5417c 76487->76488 76561 61e0c626 76488->76561 76489 61e5418e 76490 61e0ae03 free 76489->76490 76491 61e54196 76490->76491 76491->76374 76494 61e492cd 76493->76494 76495 61e492db 76493->76495 76543 61e48f53 8 API calls 76494->76543 76501 61e01647 76495->76501 76539 61e3409f 76495->76539 76498 61e492f3 76499 61e4930f 76498->76499 76500 61e492fa 76498->76500 76503 61e335bf InterlockedCompareExchange InterlockedCompareExchange InterlockedCompareExchange 76499->76503 76504 61e49319 76499->76504 76502 61e0ae03 free 76500->76502 76501->76394 76502->76501 76503->76504 76505 61e493ac 76504->76505 76506 61e4938c 76504->76506 76509 61e09b35 strcmp 76505->76509 76507 61e0ae03 free 76506->76507 76508 61e4939c 76507->76508 76511 61e0ae03 free 76508->76511 76510 61e4940c 76509->76510 76512 61e4944b CreateFileW 76510->76512 76513 61e335bf InterlockedCompareExchange InterlockedCompareExchange InterlockedCompareExchange 76510->76513 76511->76501 76514 61e494f0 76512->76514 76520 61e49491 76512->76520 76515 61e49443 76513->76515 76516 61e2a570 free realloc malloc 76514->76516 76515->76512 76538 61e494f8 76515->76538 76517 61e495a8 76516->76517 76518 61e495b1 76517->76518 76519 61e49633 76517->76519 76521 61e0ae03 free 76518->76521 76523 61e0ae03 free 76519->76523 76520->76512 76520->76514 76522 61e34429 6 API calls 76520->76522 76524 61e495bc 76521->76524 76522->76520 76525 61e4965b 76523->76525 76526 61e0ae03 free 76524->76526 76527 61e0ae03 free 76525->76527 76528 61e495c7 76526->76528 76536 61e49666 76527->76536 76529 61e495ff 76528->76529 76530 61e495d3 76528->76530 76532 61e3381e 6 API calls 76529->76532 76534 61e4928d 9 API calls 76530->76534 76531 61e34429 6 API calls 76531->76538 76533 61e49622 76532->76533 76535 61e2a6f9 free realloc malloc 76533->76535 76534->76501 76535->76501 76536->76501 76537 61e09b35 strcmp 76536->76537 76537->76501 76538->76514 76538->76531 76540 61e340b0 76539->76540 76542 61e340c3 76540->76542 76544 61e335bf InterlockedCompareExchange InterlockedCompareExchange InterlockedCompareExchange 76540->76544 76543->76495 76544->76540 76546 61e09b29 76545->76546 76547 61e09aed 76545->76547 76546->76475 76547->76546 76548 61e09b0a strcmp 76547->76548 76548->76547 76550 61e540a4 76549->76550 76553 61e53fa6 76549->76553 76550->76481 76551 61e5405e 76575 61e0b68f free 76551->76575 76553->76551 76573 61e534e3 12 API calls 76553->76573 76555 61e5406f 76556 61e0ae03 free 76555->76556 76557 61e5409c 76556->76557 76558 61e0ae03 free 76557->76558 76558->76550 76559 61e54023 76559->76551 76574 61e2a5af free realloc malloc 76559->76574 76562 61e0c642 76561->76562 76563 61e0c639 76561->76563 76576 61e0c5c7 76562->76576 76582 61e0c538 free 76563->76582 76567 61e0ae03 free 76568 61e0c66e 76567->76568 76569 61e0ae03 free 76568->76569 76570 61e0c679 76569->76570 76571->76486 76573->76559 76574->76551 76575->76555 76579 61e0c5d4 76576->76579 76577 61e0c5fb 76578 61e0c610 76577->76578 76580 61e0ae03 free 76577->76580 76578->76567 76579->76577 76583 61e0c497 free 76579->76583 76580->76578 76582->76562 76583->76579 76584->76431 76585->76437 76587 61e2d252 76586->76587 76588 61e2d228 76586->76588 76587->76443 76588->76587 76591 61e2a4ce free realloc malloc 76588->76591 76590 61e2d24e 76590->76443 76591->76590 76592->76328 76593 61e7f656 76594 61e7f6ad 76593->76594 76597 61e16404 free 76594->76597 76596 61e7f6c4 76597->76596 76598 61e2cc97 76600 61e2cce3 76598->76600 76599 61e2ce92 76600->76599 76606 61e23cbf 76600->76606 76602 61e2cd9b 76602->76599 76603 61e23cbf 3 API calls 76602->76603 76604 61e2cdc3 76603->76604 76604->76599 76605 61e23cbf 3 API calls 76604->76605 76605->76599 76607 61e23ce1 76606->76607 76608 61e23bfe 3 API calls 76607->76608 76609 61e23cf5 76608->76609 76610 61e11243 free 76609->76610 76611 61e23cfe 76610->76611 76611->76602 76612 61e55699 76613 61e2d217 3 API calls 76612->76613 76617 61e556ab 76613->76617 76614 61e556af 76616 61e5575b 76629 61e0dfe4 76616->76629 76617->76614 76625 61e0dfb0 76617->76625 76619 61e557ad 76635 61e553de 76619->76635 76620 61e55783 76674 61e2a0e4 free memmove realloc malloc 76620->76674 76623 61e5576e 76623->76619 76623->76620 76624 61e5579b 76626 61e0dfe0 76625->76626 76628 61e0dfbf 76625->76628 76626->76616 76628->76626 76675 61e0df44 free 76628->76675 76630 61e0dff7 76629->76630 76631 61e0e054 76629->76631 76632 61e0e048 76630->76632 76676 61e0df44 free 76630->76676 76631->76623 76633 61e0aee0 free 76632->76633 76633->76631 76636 61e553fe 76635->76636 76637 61e553ef 76635->76637 76636->76624 76637->76636 76677 61e516b4 76637->76677 76639 61e55419 76685 61e0b013 76639->76685 76641 61e55420 76642 61e55451 76641->76642 76689 61e552db 76641->76689 76643 61e55460 76642->76643 76705 61e16e70 76642->76705 76646 61e0dfb0 free 76643->76646 76647 61e55467 76646->76647 76716 61e119f6 76647->76716 76649 61e554a2 76651 61e0b519 free 76649->76651 76650 61e5546e 76650->76649 76652 61e0e65e free 76650->76652 76653 61e0aee0 free 76650->76653 76656 61e554ad 76651->76656 76652->76650 76653->76650 76654 61e554ef 76655 61e0b519 free 76654->76655 76659 61e554fa 76655->76659 76656->76654 76657 61e0aee0 free 76656->76657 76657->76656 76658 61e5551e 76660 61e0b519 free 76658->76660 76659->76658 76722 61e0df09 free 76659->76722 76661 61e55529 76660->76661 76662 61e0c05c free 76661->76662 76664 61e55532 76662->76664 76665 61e0b4b2 free 76664->76665 76666 61e5553d 76665->76666 76667 61e0aee0 free 76666->76667 76668 61e55564 76667->76668 76669 61e0aee0 free 76668->76669 76671 61e5557a 76669->76671 76670 61e555c0 76673 61e0ae03 free 76670->76673 76671->76670 76672 61e0ae03 free 76671->76672 76672->76670 76673->76636 76674->76624 76675->76628 76676->76630 76678 61e516c7 76677->76678 76679 61e51725 76678->76679 76723 61e515f5 76678->76723 76680 61e0dfe4 free 76679->76680 76682 61e51731 76680->76682 76683 61e5174c 76682->76683 76737 61e16f9b free 76682->76737 76683->76639 76686 61e0b01c 76685->76686 76687 61e0b03d 76686->76687 76688 61e0aee0 free 76686->76688 76687->76641 76688->76686 76690 61e552ee 76689->76690 76691 61e515f5 14 API calls 76690->76691 76692 61e552f9 76691->76692 76693 61e540ae 17 API calls 76692->76693 76701 61e55384 76692->76701 76694 61e5530f 76693->76694 76695 61e55316 76694->76695 76704 61e16e70 free 76694->76704 76696 61e0aee0 free 76695->76696 76697 61e553a5 76696->76697 76698 61e0c919 free 76697->76698 76699 61e553ad 76698->76699 76700 61e0ae03 free 76699->76700 76700->76701 76702 61e0ae03 free 76701->76702 76703 61e553d4 76702->76703 76703->76641 76704->76695 76706 61e0b519 free 76705->76706 76707 61e16eba 76706->76707 76708 61e16ecf 76707->76708 76746 61e16e09 free 76707->76746 76710 61e0b519 free 76708->76710 76711 61e16ed7 76710->76711 76712 61e0b519 free 76711->76712 76713 61e16f19 76712->76713 76714 61e0b519 free 76713->76714 76715 61e16f21 76714->76715 76715->76643 76719 61e11a0d 76716->76719 76717 61e0aee0 free 76717->76719 76718 61e11a5d 76720 61e0aee0 free 76718->76720 76721 61e11a8c 76718->76721 76719->76717 76719->76718 76720->76721 76721->76650 76722->76659 76724 61e51610 76723->76724 76727 61e51624 76724->76727 76742 61e513e3 14 API calls 76724->76742 76728 61e5162a 76727->76728 76745 61e5134c 14 API calls 76727->76745 76729 61e51681 76728->76729 76743 61e4b121 14 API calls 76728->76743 76738 61e4b61e 76729->76738 76732 61e51637 76734 61e032bd 14 API calls 76732->76734 76733 61e516a3 76733->76678 76735 61e51652 76734->76735 76744 61e0b657 free 76735->76744 76737->76683 76739 61e4b63c 76738->76739 76740 61e4b648 76738->76740 76739->76740 76741 61e0ae03 free 76739->76741 76740->76733 76741->76739 76742->76727 76743->76732 76744->76729 76745->76728 76746->76707 76747 61e80454 76750 61e1ca31 76747->76750 76751 61e1a8d8 3 API calls 76750->76751 76753 61e1ca51 76751->76753 76752 61e1cb13 76753->76752 76755 61e1ac79 free realloc malloc 76753->76755 76755->76752 76756 61e1d21e 76759 61e1d184 76756->76759 76757 61e1d19b 76758 61e1d1f9 76767 61e13ed7 76758->76767 76759->76757 76759->76758 76760 61e1d1b7 76759->76760 76762 61e1a8d8 3 API calls 76760->76762 76764 61e1d1be 76762->76764 76763 61e1d201 76763->76757 76774 61e1a839 free realloc malloc 76763->76774 76764->76757 76766 61e0aee0 free 76764->76766 76766->76757 76768 61e13ee8 76767->76768 76769 61e13efe 76768->76769 76771 61e13f0b 76768->76771 76770 61e0ae03 free 76769->76770 76772 61e13f06 76770->76772 76771->76772 76775 61e2a652 realloc 76771->76775 76772->76763 76774->76757 76776 61e2a683 76775->76776 76777 61e2a676 76775->76777 76779 61e2a4ce free realloc malloc 76776->76779 76777->76772 76779->76777

                                                                                                                        Executed Functions

                                                                                                                        Function 61E88FCA Relevance: 9.6, Strings: 7, Instructions: 866COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: UNIQUE$BINARY$bua$index$invalid rootpage$sqlite_master$sqlite_temp_master
                                                                                                                        • API String ID: 0-1733444394
                                                                                                                        • Opcode ID: 23258f6630b6473f7776cb08bfc6c784fb41f9ca11d244a27a90c0fe0e76f012
                                                                                                                        • Instruction ID: c52f25025489653eb610d6e343a086c80a5a7374dd8721026aec1ef0af0b0df4
                                                                                                                        • Opcode Fuzzy Hash: 23258f6630b6473f7776cb08bfc6c784fb41f9ca11d244a27a90c0fe0e76f012
                                                                                                                        • Instruction Fuzzy Hash: 1892F174E08255CFDB51CFA8C580B99BBF1BF89308F65C1A9E859AB352D734E881CB41
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61EAD2AC Relevance: 6.6, Strings: 5, Instructions: 334COMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 790 61ead2ac-61ead2d9 call 61e3502f 793 61ead7df-61ead7e6 790->793 794 61ead2df-61ead2eb 790->794 795 61ead2ed-61ead2f0 794->795 796 61ead305-61ead30a 794->796 795->796 797 61ead2f2-61ead2fc 795->797 798 61ead30c-61ead311 796->798 799 61ead313-61ead31a 796->799 797->796 800 61ead2fe 797->800 801 61ead321 798->801 802 61ead31c 799->802 803 61ead324-61ead33b call 61e148b6 799->803 800->796 801->803 802->801 806 61ead79a 803->806 807 61ead341-61ead343 803->807 808 61ead79c-61ead7a8 call 61e2d2eb 806->808 809 61ead363-61ead517 call 61e01759 call 61e2cfc1 * 5 807->809 810 61ead345-61ead354 call 61e01729 807->810 818 61ead7aa-61ead7b4 call 61e557c7 808->818 819 61ead7b6-61ead7b8 808->819 838 61ead51d-61ead52e 809->838 839 61ead7d2-61ead7dd call 61e01781 809->839 810->809 817 61ead356-61ead35e call 61e0ae03 810->817 817->806 824 61ead7be-61ead7d0 call 61e0b7cb 818->824 823 61ead7ba 819->823 819->824 823->824 824->793 840 61ead53c-61ead556 call 61e44905 838->840 841 61ead530-61ead53a call 61e2c708 838->841 839->808 847 61ead55b-61ead55f 840->847 841->847 848 61ead5a3-61ead5cc call 61e541a0 847->848 849 61ead561-61ead564 847->849 856 61ead5e9-61ead608 call 61e15474 call 61e240f1 848->856 857 61ead5ce-61ead5e4 call 61e0c05c 848->857 851 61ead56d-61ead59e call 61e2a0e4 call 61e0ae03 849->851 852 61ead566-61ead568 call 61e1a839 849->852 851->839 852->851 867 61ead60a-61ead616 call 61e23a4e 856->867 868 61ead61b-61ead658 call 61e0c851 call 61e240f1 856->868 857->839 867->868 868->839 874 61ead65e-61ead682 call 61e0c05c call 61e4681d 868->874 879 61ead68b-61ead690 call 61e2d2eb 874->879 880 61ead684-61ead686 call 61e1a839 874->880 883 61ead695-61ead697 879->883 880->879 884 61ead6ab-61ead6ad 883->884 885 61ead699-61ead69c 883->885 886 61ead768-61ead76c call 61e0c05c 884->886 887 61ead6b3-61ead6b5 884->887 885->884 888 61ead69e-61ead6a9 885->888 893 61ead771-61ead783 call 61e143f1 886->893 889 61ead6bc 887->889 888->883 891 61ead6be-61ead6c8 call 61e2d2eb 889->891 892 61ead6d3-61ead6f1 call 61e01729 call 61e01759 889->892 891->839 901 61ead6ce 891->901 906 61ead703-61ead705 892->906 907 61ead6f3-61ead701 892->907 900 61ead788-61ead798 call 61e0e763 893->900 900->839 901->893 908 61ead707-61ead71e call 61e01781 906->908 907->908 911 61ead720-61ead736 908->911 912 61ead755-61ead763 call 61e0ae03 908->912 911->912 916 61ead738-61ead750 call 61e2a0e4 911->916 912->889 916->912
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: strcmp
                                                                                                                        • String ID: BINARY$NOCASE$RTRIM$kqa$main
                                                                                                                        • API String ID: 1004003707-114998471
                                                                                                                        • Opcode ID: f6501512400433d73c0f6347e04bf113c3db028c500413ac63f89a1f0889c187
                                                                                                                        • Instruction ID: 60bcc8b0197c989f7013f8b1edc5a9d28cf944306873f66ca73508c1f88d5ce1
                                                                                                                        • Opcode Fuzzy Hash: f6501512400433d73c0f6347e04bf113c3db028c500413ac63f89a1f0889c187
                                                                                                                        • Instruction Fuzzy Hash: DEE149B4A087858BEB00DF68C59474ABBF1BF89308F24C86DEC989F395D779C8458B51
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E354D1 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 31COMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • GetSystemInfo.KERNEL32(?,?,61ECC400,?,61E35248), ref: 61E354EB
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InfoSystem
                                                                                                                        • String ID: HRa
                                                                                                                        • API String ID: 31276548-1004199025
                                                                                                                        • Opcode ID: 90f829b77809e80cd7cc556866e5c439b2c19dcd8d7a36888ffec522c66ecd4c
                                                                                                                        • Instruction ID: 06cda1940385b8855eb11c4b22b944da250b3e82bd825487f891a332eec36e05
                                                                                                                        • Opcode Fuzzy Hash: 90f829b77809e80cd7cc556866e5c439b2c19dcd8d7a36888ffec522c66ecd4c
                                                                                                                        • Instruction Fuzzy Hash: 56F03AB02083419BD704AFA4C60631FBAF5AFC6B09F66C82DD1858B380CB75D8559B93
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E75F1F Relevance: 3.3, Strings: 2, Instructions: 815COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        • multiple recursive references: %s, xrefs: 61E76A4B
                                                                                                                        • recursive reference in a subquery: %s, xrefs: 61E76A54
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: multiple recursive references: %s$recursive reference in a subquery: %s
                                                                                                                        • API String ID: 0-3854365051
                                                                                                                        • Opcode ID: 0f72b0bbb797a1947647ee02b88205dbd200999246260b021fa721c86bf744e8
                                                                                                                        • Instruction ID: 7d5e909c26c2478cc4d8a1152a5e5b16c7ea0641b558a5fde8b477d39de8e8ad
                                                                                                                        • Opcode Fuzzy Hash: 0f72b0bbb797a1947647ee02b88205dbd200999246260b021fa721c86bf744e8
                                                                                                                        • Instruction Fuzzy Hash: 4E8207B4A052899FEB25CFA8C180B9DBBF1BF48308F24C559E859AB355D734E846CF50
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E4B8A1 Relevance: 1.6, APIs: 1, Instructions: 323COMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 1781 61e4b8a1-61e4b8b3 1782 61e4bcd9-61e4bcdf 1781->1782 1783 61e4b8b9-61e4b8bf 1781->1783 1784 61e4bc3e-61e4bc52 call 61e13adf 1782->1784 1785 61e4b8c5-61e4b8d3 call 61e174e9 1783->1785 1786 61e4bc97-61e4bc9b 1783->1786 1800 61e4bc55-61e4bc6b call 61e3720a 1784->1800 1794 61e4bcb7-61e4bcbe call 61e13b24 1785->1794 1798 61e4b8d9-61e4b8dd 1785->1798 1788 61e4bcb3-61e4bcb5 1786->1788 1789 61e4bc9d-61e4bca1 1786->1789 1788->1794 1795 61e4bcc0-61e4bcc8 1788->1795 1789->1788 1792 61e4bca3-61e4bca5 1789->1792 1792->1794 1799 61e4bca7-61e4bcb1 call 61e02c02 1792->1799 1797 61e4bce4-61e4bced 1794->1797 1795->1797 1802 61e4b8ee-61e4b901 1798->1802 1803 61e4b8df-61e4b8e3 1798->1803 1799->1788 1814 61e4bc6d-61e4bc6f 1800->1814 1810 61e4b903-61e4b907 1802->1810 1811 61e4b90f-61e4b927 call 61e01672 1802->1811 1807 61e4b8e9 1803->1807 1808 61e4bcca-61e4bccf 1803->1808 1816 61e4ba69-61e4ba79 call 61e1749a 1807->1816 1808->1794 1812 61e4b90d-61e4b94a 1810->1812 1813 61e4bb4b-61e4bb4f 1810->1813 1825 61e4ba52 1811->1825 1826 61e4b92d 1811->1826 1812->1825 1842 61e4b950-61e4b954 1812->1842 1821 61e4bb51-61e4bb55 1813->1821 1822 61e4bbcf-61e4bbd3 1813->1822 1818 61e4bc77-61e4bc82 call 61e13984 1814->1818 1819 61e4bc71-61e4bc75 1814->1819 1831 61e4bcd5-61e4bcd7 1816->1831 1832 61e4ba7f-61e4ba85 1816->1832 1818->1786 1841 61e4bc84-61e4bc92 call 61e015f8 1818->1841 1819->1786 1819->1818 1821->1822 1829 61e4bb57-61e4bb71 call 61e014e3 1821->1829 1827 61e4bc34-61e4bc3c 1822->1827 1828 61e4bbd5-61e4bbee call 61e01672 1822->1828 1835 61e4ba54-61e4ba56 1825->1835 1826->1810 1827->1784 1827->1786 1828->1827 1852 61e4bbf0-61e4bbf4 1828->1852 1838 61e4bb76-61e4bb78 1829->1838 1831->1794 1839 61e4ba87-61e4ba8b 1832->1839 1840 61e4bafa-61e4bb00 1832->1840 1843 61e4bcd1-61e4bcd3 1835->1843 1844 61e4ba5c-61e4ba5e 1835->1844 1846 61e4bb91-61e4bbad memcmp 1838->1846 1847 61e4bb7a-61e4bb7f 1838->1847 1839->1840 1848 61e4ba8d-61e4baac call 61e01672 1839->1848 1853 61e4bb27-61e4bb2b 1840->1853 1854 61e4bb02-61e4bb0d call 61e0c728 1840->1854 1841->1786 1842->1813 1850 61e4b95a-61e4b966 call 61e02c02 1842->1850 1843->1794 1844->1813 1851 61e4ba64 1844->1851 1846->1822 1858 61e4bbaf-61e4bbba call 61e13984 1846->1858 1847->1843 1856 61e4bb85-61e4bb8f 1847->1856 1848->1840 1874 61e4baae-61e4bab2 1848->1874 1850->1825 1877 61e4b96c-61e4b970 1850->1877 1851->1816 1862 61e4bbf6-61e4bc04 call 61e02c02 1852->1862 1863 61e4bc2a-61e4bc2e 1852->1863 1859 61e4bb2d-61e4bb34 call 61e0296f 1853->1859 1860 61e4bb39-61e4bb3b 1853->1860 1868 61e4bb3d-61e4bb46 call 61e139d7 1854->1868 1873 61e4bb0f-61e4bb25 call 61e4abf5 1854->1873 1856->1846 1858->1822 1881 61e4bbbc-61e4bbca call 61e015f8 1858->1881 1859->1860 1860->1813 1860->1868 1862->1827 1878 61e4bc06-61e4bc0a 1862->1878 1863->1827 1869 61e4bc30 1863->1869 1868->1831 1869->1827 1873->1860 1874->1840 1880 61e4bab4-61e4bade call 61e0161e 1874->1880 1883 61e4ba05-61e4ba07 1877->1883 1884 61e4b976-61e4b978 1877->1884 1885 61e4bc0c-61e4bc1b call 61e0164d 1878->1885 1886 61e4bc1d-61e4bc21 call 61eb24c5 1878->1886 1880->1840 1904 61e4bae0-61e4bae4 1880->1904 1881->1822 1887 61e4ba0d-61e4ba35 call 61e0161e 1883->1887 1888 61e4b97a-61e4b9ae call 61e014e3 1883->1888 1884->1888 1892 61e4b9c4-61e4b9d7 call 61e016ee call 61e1749a 1884->1892 1903 61e4bc26-61e4bc28 1885->1903 1886->1903 1907 61e4ba37 1887->1907 1908 61e4ba49-61e4ba4c 1887->1908 1905 61e4b9b4-61e4b9c2 call 61e014c2 1888->1905 1906 61e4ba3c-61e4ba47 1888->1906 1915 61e4b9d9-61e4b9ed call 61e0164d 1892->1915 1916 61e4b9fb-61e4ba00 call 61e016ff 1892->1916 1903->1827 1904->1840 1910 61e4bae6-61e4baf5 call 61e2a6f9 call 61e014c2 1904->1910 1905->1906 1906->1835 1907->1888 1908->1803 1908->1825 1910->1840 1915->1916 1923 61e4b9ef-61e4b9f6 call 61e0296f 1915->1923 1916->1813 1923->1916
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: memcmp
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1475443563-0
                                                                                                                        • Opcode ID: a8ff26a4ae31eb3c0b072aa693abe32b47297d605d85dc291845808d49d3b3ac
                                                                                                                        • Instruction ID: 0d30bdf3ca1535cc6e9debfec2a3fa3a34d16498aff86589297f71c0a5a37c1e
                                                                                                                        • Opcode Fuzzy Hash: a8ff26a4ae31eb3c0b072aa693abe32b47297d605d85dc291845808d49d3b3ac
                                                                                                                        • Instruction Fuzzy Hash: 7DC15D30E082858BEB15CFA8E4D079D7AF1AF8831CF29C46DD8469B349EB74D885CB51
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E4C7C5 Relevance: 8.0, APIs: 4, Strings: 1, Instructions: 467COMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 389 61e4c7c5-61e4c7ef call 61e15474 392 61e4c7f5-61e4c7f7 389->392 393 61e4cd8a-61e4cd8e 389->393 394 61e4c803-61e4c80c 392->394 395 61e4c7f9-61e4c7fd 392->395 396 61e4cda0-61e4cda4 393->396 397 61e4cd90-61e4cd9e 393->397 400 61e4c81c-61e4c821 394->400 401 61e4c80e-61e4c815 394->401 395->393 395->394 398 61e4cda6-61e4cda8 396->398 399 61e4cdb0-61e4cdc1 396->399 397->396 402 61e4cdda-61e4cdeb call 61e0c851 398->402 399->398 403 61e4cdc3-61e4cdc7 399->403 405 61e4c834-61e4c838 400->405 406 61e4c823-61e4c82c 400->406 401->400 404 61e4c817 401->404 403->398 407 61e4cdc9-61e4cdd0 call 61e14bcf 403->407 404->400 410 61e4c840-61e4c842 405->410 411 61e4c83a-61e4c83e 405->411 406->402 409 61e4c832 406->409 407->402 409->410 414 61e4c844-61e4c849 410->414 415 61e4c84b-61e4c84f 410->415 411->410 411->414 419 61e4c868-61e4c86f 414->419 416 61e4c875-61e4c88b call 61e02cf3 415->416 417 61e4c851 415->417 416->402 426 61e4c891-61e4c89f 416->426 420 61e4c854-61e4c856 417->420 419->402 419->416 420->416 422 61e4c858-61e4c85d 420->422 424 61e4c863-61e4c866 422->424 425 61e4c85f-61e4c861 422->425 424->420 425->419 427 61e4c8a1-61e4c8a4 426->427 428 61e4c8a8-61e4c8ad 426->428 427->428 429 61e4c8b0-61e4c8b4 428->429 430 61e4c8ba-61e4c8c5 call 61e4b8a1 429->430 431 61e4cb4b-61e4cb4d 429->431 430->431 439 61e4c8cb-61e4c8dc call 61e032bd 430->439 432 61e4cb53-61e4cb57 431->432 433 61e4ccbd-61e4ccbf 431->433 432->433 435 61e4cb5d-61e4cb61 432->435 436 61e4ccc1-61e4ccc3 433->436 437 61e4ccca-61e4cccc call 61e4b5ff 433->437 440 61e4ccc5 435->440 441 61e4cb67-61e4cb6f 435->441 442 61e4ccd1-61e4ccd5 436->442 437->442 450 61e4c8e1-61e4c8e5 439->450 440->437 445 61e4cb75-61e4cb89 441->445 446 61e4cc92-61e4cc98 441->446 447 61e4ccf6-61e4ccf8 442->447 448 61e4ccd7-61e4ccdb 442->448 451 61e4ccae-61e4ccb2 445->451 452 61e4cb8f-61e4cb97 445->452 446->437 454 61e4cc9a-61e4ccac 446->454 447->402 449 61e4ccfe-61e4cd05 447->449 448->402 453 61e4cce1-61e4cceb call 61e05b24 448->453 455 61e4cd25-61e4cd37 449->455 456 61e4cd07-61e4cd0e 449->456 450->431 458 61e4c8eb-61e4c905 450->458 451->436 457 61e4ccb4-61e4ccbb call 61e4c70d 451->457 459 61e4cc66-61e4cc79 call 61e1749a 452->459 460 61e4cb9d-61e4cba4 452->460 453->429 479 61e4ccf1 453->479 454->437 464 61e4cd3c-61e4cd40 455->464 465 61e4cd39 455->465 456->455 462 61e4cd10-61e4cd22 456->462 457->433 466 61e4c935-61e4c938 458->466 467 61e4c907-61e4c933 memcmp 458->467 486 61e4cc8e-61e4cc90 459->486 487 61e4cc7b-61e4cc7d 459->487 468 61e4cba6-61e4cbaa 460->468 469 61e4cbdd-61e4cbea 460->469 462->455 474 61e4cd46-61e4cd59 464->474 475 61e4cdd2-61e4cdd6 464->475 465->464 473 61e4c93b-61e4c94d 466->473 467->473 468->469 476 61e4cbac-61e4cbbc call 61e1749a 468->476 469->440 478 61e4cbf0-61e4cc02 call 61e0c7d9 469->478 480 61e4cac6 473->480 481 61e4c953-61e4c957 473->481 482 61e4cd5e-61e4cd6d 474->482 483 61e4cd5b 474->483 475->397 484 61e4cdd8 475->484 476->446 501 61e4cbc2-61e4cbd9 call 61e0c7b7 476->501 478->446 497 61e4cc08-61e4cc2a memcmp 478->497 479->402 491 61e4cacd-61e4cb25 480->491 481->480 490 61e4c95d-61e4c97a memcmp 481->490 492 61e4cd6f-61e4cd7b call 61e4a221 482->492 493 61e4cdaa-61e4cdae 482->493 483->482 484->398 486->446 496 61e4cc2c-61e4cc50 486->496 487->486 495 61e4cc7f-61e4cc8c call 61e174e9 487->495 498 61e4c980-61e4c987 490->498 499 61e4cb2a 490->499 491->429 492->402 513 61e4cd7d-61e4cd88 492->513 493->397 493->399 495->486 496->451 497->496 503 61e4cc52-61e4cc64 call 61e0c834 497->503 504 61e4c98e-61e4c992 498->504 505 61e4c989 498->505 506 61e4cb2f-61e4cb3c call 61e4b5d8 499->506 501->469 503->454 504->499 511 61e4c998 504->511 505->504 521 61e4cb43-61e4cb45 506->521 516 61e4c9d9-61e4c9f9 memcmp 511->516 517 61e4c99a-61e4c99e 511->517 513->493 516->499 519 61e4c9ff-61e4ca1d 516->519 517->516 520 61e4c9a0-61e4c9b8 call 61eb24c5 517->520 519->499 522 61e4ca23-61e4ca2e 519->522 520->506 526 61e4c9be-61e4c9c5 520->526 521->429 521->431 522->499 525 61e4ca34-61e4ca47 522->525 527 61e4ca7c-61e4ca82 525->527 528 61e4ca49-61e4ca77 call 61e4b5d8 call 61e0c919 call 61e15e54 525->528 526->516 531 61e4c9c7-61e4c9d4 call 61e4b5d8 526->531 529 61e4ca84-61e4ca90 527->529 530 61e4caa3-61e4caa6 527->530 528->521 533 61e4ca92-61e4ca9e call 61e2a72e 529->533 534 61e4caa9-61e4caaf 529->534 530->534 531->429 533->506 534->499 539 61e4cab1-61e4cac4 534->539 539->491
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: memcmp
                                                                                                                        • String ID: 0
                                                                                                                        • API String ID: 1475443563-4108050209
                                                                                                                        • Opcode ID: 5e6f3149d2315a7f97a97c29b0eb816d1210dd2dcce0a1c73a13da43e11864dd
                                                                                                                        • Instruction ID: 3bb57cbd4086e38ca070a1eb41e2420ec87b0c0feb17810d174f813009c16240
                                                                                                                        • Opcode Fuzzy Hash: 5e6f3149d2315a7f97a97c29b0eb816d1210dd2dcce0a1c73a13da43e11864dd
                                                                                                                        • Instruction Fuzzy Hash: 66127D70F05255CFEB05CFA8E484789BBF1AF48318F25C1A9D845AB356D774E88ACB80
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E541A0 Relevance: 6.8, APIs: 2, Strings: 2, Instructions: 772stringCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: strcmp$free
                                                                                                                        • String ID: @$rnal
                                                                                                                        • API String ID: 3401341699-826727331
                                                                                                                        • Opcode ID: bf8b266e26bc42fdac39dc00ff5882abc0b7617591005bd688e0500b149f09b6
                                                                                                                        • Instruction ID: 0ce42be2a52064457b78e7c31244c3f07411abd0ae8e299ce13c5538bbb98839
                                                                                                                        • Opcode Fuzzy Hash: bf8b266e26bc42fdac39dc00ff5882abc0b7617591005bd688e0500b149f09b6
                                                                                                                        • Instruction Fuzzy Hash: 70822470A04259CFEB60CF68C880B89BBF1BF45308F2481EAD8589B352E775D9A5CF51
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E4928D Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 309fileCOMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 1013 61e4928d-61e492cb 1014 61e492cd-61e492df call 61e48f53 1013->1014 1015 61e492eb-61e492f8 call 61e3409f 1013->1015 1022 61e492e5-61e492e8 1014->1022 1023 61e496ef-61e496f8 1014->1023 1020 61e4930f-61e49317 1015->1020 1021 61e492fa-61e4930a call 61e0ae03 1015->1021 1025 61e49332-61e49339 call 61e335bf 1020->1025 1026 61e49319-61e49330 1020->1026 1021->1023 1022->1015 1025->1026 1032 61e4933b-61e49348 1025->1032 1028 61e4935b-61e49378 1026->1028 1033 61e4934a-61e49359 call 61e33549 1028->1033 1034 61e4937a 1028->1034 1035 61e4937d-61e49380 1032->1035 1033->1028 1041 61e493ae-61e493dd 1033->1041 1034->1035 1038 61e49382-61e4938a 1035->1038 1039 61e493ac 1035->1039 1038->1041 1042 61e4938c-61e493a7 call 61e0ae03 * 2 1038->1042 1039->1041 1044 61e493f1-61e4943c call 61e09b35 1041->1044 1045 61e493df-61e493ed 1041->1045 1042->1023 1050 61e4943e-61e49445 call 61e335bf 1044->1050 1051 61e4944b-61e4948b CreateFileW 1044->1051 1045->1044 1050->1051 1060 61e4950d-61e4954d 1050->1060 1054 61e49491-61e49495 1051->1054 1055 61e4959b-61e495ab call 61e2a570 1051->1055 1058 61e49497-61e494d1 call 61e016ee call 61e34429 call 61e016ff 1054->1058 1059 61e494dd-61e494ea call 61e33549 1054->1059 1065 61e495b1-61e495cb call 61e0ae03 * 2 1055->1065 1066 61e49633-61e49637 1055->1066 1058->1059 1094 61e494d3-61e494d7 1058->1094 1059->1051 1068 61e494f0-61e494f3 1059->1068 1076 61e4954f 1060->1076 1077 61e494f8-61e494fc 1060->1077 1091 61e495cd-61e495d1 1065->1091 1092 61e495ff-61e49627 call 61e3381e call 61e2a6f9 1065->1092 1069 61e49647-61e49670 call 61e0ae03 * 2 1066->1069 1070 61e49639-61e49645 1066->1070 1068->1055 1095 61e49674-61e49683 1069->1095 1096 61e49672 1069->1096 1070->1069 1076->1055 1079 61e49551-61e4958b call 61e016ee call 61e34429 call 61e016ff 1077->1079 1080 61e494fe-61e4950b call 61e33549 1077->1080 1079->1080 1114 61e49591-61e49595 1079->1114 1080->1060 1080->1068 1091->1092 1097 61e495d3-61e495fd call 61e4928d 1091->1097 1111 61e4962c-61e4962e 1092->1111 1094->1055 1094->1059 1101 61e49685 1095->1101 1102 61e49689-61e49690 1095->1102 1096->1095 1097->1111 1101->1102 1107 61e496b5-61e496ec 1102->1107 1108 61e49692-61e496af call 61e09b35 1102->1108 1107->1023 1108->1107 1115 61e496b1 1108->1115 1111->1023 1114->1055 1114->1080 1115->1107
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateFile
                                                                                                                        • String ID: exclusive$winOpen
                                                                                                                        • API String ID: 823142352-1568912604
                                                                                                                        • Opcode ID: fbefb8bb2e50369de4768ffbb59d9952fc6cfb2942c402bc5831c395ef54ee7e
                                                                                                                        • Instruction ID: ddd978882cd5270fa8f94071a9300b4b805ea89cb158bd2aa8a7dfbc70792811
                                                                                                                        • Opcode Fuzzy Hash: fbefb8bb2e50369de4768ffbb59d9952fc6cfb2942c402bc5831c395ef54ee7e
                                                                                                                        • Instruction Fuzzy Hash: B4D1A2709047499FDB10DFA9D58478EBBF0AF88318F208929E868EB394E774D985CF41
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E33F01 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 106fileCOMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 1312 61e33f01-61e33f29 1313 61e33f73-61e33f92 1312->1313 1314 61e33f2b 1312->1314 1315 61e33f95-61e33fbc ReadFile 1313->1315 1316 61e33f32-61e33f41 1314->1316 1317 61e33f2d-61e33f30 1314->1317 1318 61e33fd7-61e33fe0 1315->1318 1319 61e33fbe-61e33fd1 call 61e2a570 1315->1319 1320 61e33f43 1316->1320 1321 61e33f56-61e33f70 1316->1321 1317->1313 1317->1316 1318->1319 1330 61e33fe2-61e33fef call 61e33549 1318->1330 1327 61e33fd3-61e33fd5 1319->1327 1328 61e34016-61e34022 1319->1328 1323 61e33f45-61e33f47 1320->1323 1324 61e33f49-61e33f54 1320->1324 1321->1313 1323->1321 1323->1324 1324->1327 1329 61e34027-61e3402e 1327->1329 1328->1329 1330->1315 1333 61e33ff1-61e34014 call 61e3381e 1330->1333 1333->1329
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FileRead
                                                                                                                        • String ID: winRead
                                                                                                                        • API String ID: 2738559852-2759563040
                                                                                                                        • Opcode ID: 851fea00ae6f1ba7616ac175e32ee1177d3feb74bace6ba213d978081e29e1e5
                                                                                                                        • Instruction ID: 0463a8294cdaeeb391ba6f45b5ad466d8cdf6662135ec028d0205bc88dba3c8e
                                                                                                                        • Opcode Fuzzy Hash: 851fea00ae6f1ba7616ac175e32ee1177d3feb74bace6ba213d978081e29e1e5
                                                                                                                        • Instruction Fuzzy Hash: 2041E475A052699BCF04CFA8D88498EBBF2FF88314F618529E868A7354D730E941CB91
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 2A2263C5 Relevance: 3.0, APIs: 2, Instructions: 42fileCOMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 1608 2a2263c5-2a2263d0 1609 2a2263d6-2a226450 call 2a221000 CreateFileW call 2a221000 * 2 FindCloseChangeNotification 1608->1609 1610 2a226457 1608->1610 1609->1610 1618 2a226452 call 2a22635d 1609->1618 1618->1610
                                                                                                                        APIs
                                                                                                                        • CreateFileW.KERNEL32(2A22A201,80000000,00000001,00000000,00000003,00000080,00000000), ref: 2A2263FD
                                                                                                                        • FindCloseChangeNotification.KERNEL32(00000000), ref: 2A226429
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1670894968.000000002A221000.00000040.00001000.00020000.00000000.sdmp, Offset: 2A221000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_2a221000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ChangeCloseCreateFileFindNotification
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 727422849-0
                                                                                                                        • Opcode ID: 020c76ff6c63822b97a97448b24ed4e00ed7d73fca35b022d202c0ed5cda1de0
                                                                                                                        • Instruction ID: 9d71bef1373d270af357fc2e5046d5b54213565672e197ca8387602480c44b00
                                                                                                                        • Opcode Fuzzy Hash: 020c76ff6c63822b97a97448b24ed4e00ed7d73fca35b022d202c0ed5cda1de0
                                                                                                                        • Instruction Fuzzy Hash: 35012832281500BEFBB567A4CD46FA43381EBD0700F654121F904EB4E2C974FE049608
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E2A652 Relevance: 1.5, APIs: 1, Instructions: 32COMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 1925 61e2a652-61e2a674 realloc 1926 61e2a683-61e2a6a5 call 61e2a4ce 1925->1926 1927 61e2a676-61e2a681 1925->1927 1928 61e2a6a8-61e2a6ae 1926->1928 1927->1928
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: realloc
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 471065373-0
                                                                                                                        • Opcode ID: e26b6afafbe88dd408296985b2cf5437b863de116ceff75567ad09f3e2b45908
                                                                                                                        • Instruction ID: 4040ac9b910eb7d7724dfc403353a0a40a3fe088e4c24dccbd46c39564703f2d
                                                                                                                        • Opcode Fuzzy Hash: e26b6afafbe88dd408296985b2cf5437b863de116ceff75567ad09f3e2b45908
                                                                                                                        • Instruction Fuzzy Hash: C3F0F97180530A9FDB109F55C58195DFBE8EF84268F14C86DE8984B310D374E544CF91
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E0AE03 Relevance: 1.3, APIs: 1, Instructions: 33COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: free
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1294909896-0
                                                                                                                        • Opcode ID: 515cd9b0cc975ca03c008dfe43f6ff5eb83953987e78c9cd7cdb726aa12e4eb5
                                                                                                                        • Instruction ID: a929929d55870eb2e3dfc3d9b08de53e37bb6c9da6c43a06ed963554b33c57a4
                                                                                                                        • Opcode Fuzzy Hash: 515cd9b0cc975ca03c008dfe43f6ff5eb83953987e78c9cd7cdb726aa12e4eb5
                                                                                                                        • Instruction Fuzzy Hash: A5F090B1554708CFDB006FA8E8C52153BA4F746219F5840BAE8150B201D735D5E1CB91
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E2A6AF Relevance: 1.3, APIs: 1, Instructions: 25COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: malloc
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2803490479-0
                                                                                                                        • Opcode ID: 1f2356de957b5852e51c4f16dd739168b253dd6d2aac726755fb4680bcc79cb1
                                                                                                                        • Instruction ID: 08a60fc229ca929b4850671bf03eed3452f9cad2ea52f9bb94d0a5c68b8f0e05
                                                                                                                        • Opcode Fuzzy Hash: 1f2356de957b5852e51c4f16dd739168b253dd6d2aac726755fb4680bcc79cb1
                                                                                                                        • Instruction Fuzzy Hash: 68F039B0C4830A9FCB009FA5DAC5A0DBBE8EB84258F14C46DE8988F710D334E580CB51
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Non-executed Functions

                                                                                                                        Function 61E4304E Relevance: 31.5, APIs: 1, Strings: 19, Instructions: 1527COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: za$H$M$Q{a$ROWID$aggregate$ambiguous column name$excluded$false$main$new$no such column$non-deterministic functions$old$parameters$subqueries$the "." operator$true$window
                                                                                                                        • API String ID: 0-995943838
                                                                                                                        • Opcode ID: e289931867c22b3b2b5c15c539e3e1e0f969360927f4254d56908ed90e18b91f
                                                                                                                        • Instruction ID: 1d323ea87534b4984c39532d96b7a68bc5a2d3eb5612128e3b04e89f7f046be3
                                                                                                                        • Opcode Fuzzy Hash: e289931867c22b3b2b5c15c539e3e1e0f969360927f4254d56908ed90e18b91f
                                                                                                                        • Instruction Fuzzy Hash: 9AF25A74A042658FEB20CF68D980B99BBF1BF49308F24C5DAD8999B391D770E985CF50
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E94783 Relevance: 22.4, Strings: 17, Instructions: 1152COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: free
                                                                                                                        • String ID: , ?$4$8a$@Da$__langid$_content$bua$bua$bua$compress$content$fts3$rowid$simple$uncompress$va$a
                                                                                                                        • API String ID: 1294909896-3798220086
                                                                                                                        • Opcode ID: ba4c73f9344750764dff1fade232655f42d8a9c7eefb1481278b5d197693f50e
                                                                                                                        • Instruction ID: ef7f48c3fdd7dc8ca6414c769173e2ec05d9438d07e734940b1c5d50411cadd4
                                                                                                                        • Opcode Fuzzy Hash: ba4c73f9344750764dff1fade232655f42d8a9c7eefb1481278b5d197693f50e
                                                                                                                        • Instruction Fuzzy Hash: 40C2B0B49083598FDB10CFA8C58479DBBF1AF88318F2589AED898AB341D774D985CF41
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E89E0E Relevance: 21.9, APIs: 1, Strings: 13, Instructions: 889COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: $, $,)?$<va$BINARY$TABLE$VIEW$bua$bua$bua$sqlite_sequence$table$view
                                                                                                                        • API String ID: 0-1924526440
                                                                                                                        • Opcode ID: 477c36b52fc64823719cea4cd9a4285d391a63348142dc1e68db11b3679a7b7f
                                                                                                                        • Instruction ID: 7e928e732a07f98dc879ebd84ab0464052c32152e924ddb65c1e78ed1b741658
                                                                                                                        • Opcode Fuzzy Hash: 477c36b52fc64823719cea4cd9a4285d391a63348142dc1e68db11b3679a7b7f
                                                                                                                        • Instruction Fuzzy Hash: 92824674A45245CFDB44CFA8C18079DBBF1BF88308F25C569E899AB3A5D774E882CB41
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E9E24F Relevance: 17.1, Strings: 13, Instructions: 869COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: bua$bua$config$content$data$docsize$id INTEGER PRIMARY KEY, block BLOB$id INTEGER PRIMARY KEY, sz BLOB$idx$k PRIMARY KEY, v$rowid$segid, term, pgno, PRIMARY KEY(segid, term)$version
                                                                                                                        • API String ID: 0-2268357529
                                                                                                                        • Opcode ID: 9bcf49bc565187afab332913d4634d8b2cee858e185ece13e3ebc56dd0ac48c8
                                                                                                                        • Instruction ID: f9c2f8dafde392a94833a84278d27f7abaf5337b7a20f26a6dc113648fca896e
                                                                                                                        • Opcode Fuzzy Hash: 9bcf49bc565187afab332913d4634d8b2cee858e185ece13e3ebc56dd0ac48c8
                                                                                                                        • Instruction Fuzzy Hash: FE8206B49046499FDB10CFA9C18079DBBF1BF89318F25C92EE894AB395D774D881CB42
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61EA2F47 Relevance: 10.3, APIs: 2, Strings: 4, Instructions: 1261COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: memcmp
                                                                                                                        • String ID: DELETE from$UPDATE$content$docsize
                                                                                                                        • API String ID: 1475443563-2142216780
                                                                                                                        • Opcode ID: cfe8dd36447f5c87a997d22ee7480b159a5443c272ed03fefd8aad1bb905de17
                                                                                                                        • Instruction ID: 70c6a14bc8af06d6aef6aa9ad5cb9e7fc1cc1a093b7b28355e50790c232760be
                                                                                                                        • Opcode Fuzzy Hash: cfe8dd36447f5c87a997d22ee7480b159a5443c272ed03fefd8aad1bb905de17
                                                                                                                        • Instruction Fuzzy Hash: ABC2F674A042598FDB10DFA8C980B8DBBF1BF88308F2585A9D849AB345D774ED85CF81
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E56F18 Relevance: 9.6, APIs: 5, Strings: 1, Instructions: 606COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: memcmp
                                                                                                                        • String ID: NEAR
                                                                                                                        • API String ID: 1475443563-1088024997
                                                                                                                        • Opcode ID: 4d2cf3cb9872dd5940cabedcc3a15d50b3ea5f83f0767353deead4732f133efd
                                                                                                                        • Instruction ID: b4e98ac7f2dea276e522b18a44adf406a464a3194d3be0cff96e2c83306ccf13
                                                                                                                        • Opcode Fuzzy Hash: 4d2cf3cb9872dd5940cabedcc3a15d50b3ea5f83f0767353deead4732f133efd
                                                                                                                        • Instruction Fuzzy Hash: 464234B4D08289CFDB80CFA8C18479DBBF1BB49308FA4C45AD8549B345D776E8A6CB51
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E64E0C Relevance: 9.5, Strings: 5, Instructions: 3235COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: $ N$BINARY$J$`
                                                                                                                        • API String ID: 0-2078302688
                                                                                                                        • Opcode ID: 205682a561138bcb6a710c7f7428b934cef1c40cdd08bb27edb1ef22482e4d07
                                                                                                                        • Instruction ID: 8b687d588507154f9b7ca5d7c21d8a58e11a900b957e56d8d79dd7eab4857ed6
                                                                                                                        • Opcode Fuzzy Hash: 205682a561138bcb6a710c7f7428b934cef1c40cdd08bb27edb1ef22482e4d07
                                                                                                                        • Instruction Fuzzy Hash: 3C730474A452698FEB60CF18C880B99B7F1BF49314F6585DAD848AB391D770EE81CF90
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E7B85E Relevance: 9.3, APIs: 1, Strings: 4, Instructions: 1812stringCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: strcmp
                                                                                                                        • String ID: BINARY$p$q$rows inserted
                                                                                                                        • API String ID: 1004003707-1829360308
                                                                                                                        • Opcode ID: edff5afc14e77e015ef3505c33aafbff6d17b2276f7888dea0f588066a8c2430
                                                                                                                        • Instruction ID: 065edfd01cf961ed3b9e2e1e11ae97a3b52417d8b8be7254ab2c95bfb3f70183
                                                                                                                        • Opcode Fuzzy Hash: edff5afc14e77e015ef3505c33aafbff6d17b2276f7888dea0f588066a8c2430
                                                                                                                        • Instruction Fuzzy Hash: 8113D574A0425A8FEB21CF68C980B99B7F1AB89304F20C5E9D889A7351D774EEC5CF51
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E62CA3 Relevance: 9.1, Strings: 6, Instructions: 1622COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 2$BINARY$E$NOCASE$false$u
                                                                                                                        • API String ID: 0-3666730823
                                                                                                                        • Opcode ID: efa8139e6f5d2f11e70d044c05088fc83a1464dfbf57832dfbff18415d5b4c26
                                                                                                                        • Instruction ID: 6b9246b4563a5e155af7b98e7ab84f845b82c0e831d1f7dba739a0367b6c7f33
                                                                                                                        • Opcode Fuzzy Hash: efa8139e6f5d2f11e70d044c05088fc83a1464dfbf57832dfbff18415d5b4c26
                                                                                                                        • Instruction Fuzzy Hash: 39F24774A442598FDB10CFA8C480B8DBBF5BF49318F65C169E858AB355D734EC86CB90
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E19208 Relevance: 8.5, Strings: 6, Instructions: 967COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: $$$-$-$Inf$NaN
                                                                                                                        • API String ID: 0-2883260867
                                                                                                                        • Opcode ID: 028b7e2239e5b65ec7313dae655860b22c75c4cb4265c042bc54a10a851200c5
                                                                                                                        • Instruction ID: 08ada5b9c357915bf8dc0511ebd4b169d1569d08758c0a6763b5a4183e8dfcc3
                                                                                                                        • Opcode Fuzzy Hash: 028b7e2239e5b65ec7313dae655860b22c75c4cb4265c042bc54a10a851200c5
                                                                                                                        • Instruction Fuzzy Hash: 8D92B370E4D2958EDB219B68C881398BBF1AB86344F34C4D9C49D9736AE735CAC9CF41
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E9316A Relevance: 8.3, Strings: 6, Instructions: 804COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: A$]a$bua$ha$ma$snippet
                                                                                                                        • API String ID: 0-4021802672
                                                                                                                        • Opcode ID: 6a4c09e2da3f509035e1c680888309e77d346293ee25369e08d4b4030ba6012e
                                                                                                                        • Instruction ID: b2623b0ed89b922f0be96898bd960c36401f43a5980a856a5f0c11e76d1438fa
                                                                                                                        • Opcode Fuzzy Hash: 6a4c09e2da3f509035e1c680888309e77d346293ee25369e08d4b4030ba6012e
                                                                                                                        • Instruction Fuzzy Hash: C392CF7490426ACFDB64CF69C884BC9B7B1BB48314F2486EAD85DAB250D7709EC5CF90
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E86668 Relevance: 8.2, Strings: 6, Instructions: 719COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: missing from index $d$non-unique entry in index $q$row $wrong # of entries in index
                                                                                                                        • API String ID: 0-2434882124
                                                                                                                        • Opcode ID: b09cbf8703d9d87b2f1a8ebc32f32eaaf7384cf710c0e597a158d0954e8262a1
                                                                                                                        • Instruction ID: 64764bd2453105caa9badb98113fecf854144ac2eeaebcc13dcf1322e2d74596
                                                                                                                        • Opcode Fuzzy Hash: b09cbf8703d9d87b2f1a8ebc32f32eaaf7384cf710c0e597a158d0954e8262a1
                                                                                                                        • Instruction Fuzzy Hash: 5272E374A042898FDB50DFA8C59079DBBF1BB88304F20C56DE8A8AB395D775E942CF41
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61EAF900 Relevance: 7.6, APIs: 5, Instructions: 55COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32 ref: 61EAF94F
                                                                                                                        • UnhandledExceptionFilter.KERNEL32 ref: 61EAF95F
                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 61EAF968
                                                                                                                        • TerminateProcess.KERNEL32 ref: 61EAF979
                                                                                                                        • abort.MSVCRT ref: 61EAF982
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExceptionFilterProcessUnhandled$CurrentTerminateabort
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 520269711-0
                                                                                                                        • Opcode ID: a4a9847f77e74dada988f497729c1a98e5ce87648e4cbf1531909a786ce77a21
                                                                                                                        • Instruction ID: c24ac7f06ebf37709200600ee493e26a75483ae19b01d267103323a56ae8c6ad
                                                                                                                        • Opcode Fuzzy Hash: a4a9847f77e74dada988f497729c1a98e5ce87648e4cbf1531909a786ce77a21
                                                                                                                        • Instruction Fuzzy Hash: A911C0B5A14A04CFDB00EFB9D64861EBBF0EB5A304F548929E998CB311E774D9848F52
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61EAF850 Relevance: 7.6, APIs: 5, Instructions: 54timethreadCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        • GetSystemTimeAsFileTime.KERNEL32 ref: 61EAF889
                                                                                                                        • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,61E01439), ref: 61EAF89A
                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 61EAF8A2
                                                                                                                        • GetTickCount.KERNEL32 ref: 61EAF8AA
                                                                                                                        • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,61E01439), ref: 61EAF8B9
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1445889803-0
                                                                                                                        • Opcode ID: 11ba3c5eec943ccd272f0a4fc468b32cfef13cd0c029082f67a55811cb38d485
                                                                                                                        • Instruction ID: 8be46cd1f480235cb6d0906dde7f3b0c5fd652d59fe7cf958993e94cb5683476
                                                                                                                        • Opcode Fuzzy Hash: 11ba3c5eec943ccd272f0a4fc468b32cfef13cd0c029082f67a55811cb38d485
                                                                                                                        • Instruction Fuzzy Hash: 8D1170B29553118FCB00DFB9E58855BBBE0FB89654F050939E544CB200EB35D9898B92
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61EA0BA9 Relevance: 6.9, Strings: 5, Instructions: 655COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: $ASC$DESC$bua$bua
                                                                                                                        • API String ID: 0-1029442847
                                                                                                                        • Opcode ID: 11004552ce44e21a703aa9b93f3190501c3d6f2c22066ac9fe7d5c7b9da07f3f
                                                                                                                        • Instruction ID: 8ab5de4e3564c360289137fee1b889a4ea914830ed3e88a553d2216b992680de
                                                                                                                        • Opcode Fuzzy Hash: 11004552ce44e21a703aa9b93f3190501c3d6f2c22066ac9fe7d5c7b9da07f3f
                                                                                                                        • Instruction Fuzzy Hash: 0852E2B4A053498FDB10CFA9C580A8EBBF1BF89304F25856DE899AB351D734E846CF51
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E95D7A Relevance: 5.1, APIs: 2, Strings: 1, Instructions: 634COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: bua
                                                                                                                        • API String ID: 0-3993766197
                                                                                                                        • Opcode ID: 52c6be3e544cde4861d3357b588add8e778dedffd4832021fb38687e275be97c
                                                                                                                        • Instruction ID: 89212f946684aa561643b7df03f99292a836ac537f2e11e87534a7b7dd14634b
                                                                                                                        • Opcode Fuzzy Hash: 52c6be3e544cde4861d3357b588add8e778dedffd4832021fb38687e275be97c
                                                                                                                        • Instruction Fuzzy Hash: 80520870E05299CFDB01DFE8C484A8DBBF1BF48314F65886AE854AB355D774E886CB81
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E69E8F Relevance: 5.1, Strings: 3, Instructions: 1365COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: $UNION$bua
                                                                                                                        • API String ID: 0-1951513331
                                                                                                                        • Opcode ID: 08548ec529c2c50937b245922a76a6e3673d84f92a52e20a33822fab6eb66f8c
                                                                                                                        • Instruction ID: 9efb736ff544b0c2fdcebf589f92ceeca8f8718efffafec2a72c2baed2a884dd
                                                                                                                        • Opcode Fuzzy Hash: 08548ec529c2c50937b245922a76a6e3673d84f92a52e20a33822fab6eb66f8c
                                                                                                                        • Instruction Fuzzy Hash: EAE2E374A442698FDB60CF68C990B9DBBF1BF88304F60C099E898AB355DB35D985CF41
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E4E4BF Relevance: 5.0, APIs: 3, Instructions: 1300COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: memmove
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2162964266-0
                                                                                                                        • Opcode ID: 3052dd6b183d23eb00fa257d1b6072fbe3f93ea8dff08481288801a980e7090e
                                                                                                                        • Instruction ID: bc40f1fef1a9170960cc57993c705059dbee377a108b532450c26420989eb83f
                                                                                                                        • Opcode Fuzzy Hash: 3052dd6b183d23eb00fa257d1b6072fbe3f93ea8dff08481288801a980e7090e
                                                                                                                        • Instruction Fuzzy Hash: ACE2F174A046698FCB65CF69D880BD9B7F1BF89314F2481E9D948A7314D738AE85CF80
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E77452 Relevance: 4.4, Strings: 2, Instructions: 1874COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: ROWID$rows updated
                                                                                                                        • API String ID: 0-3149524134
                                                                                                                        • Opcode ID: 10c3c291b6250a95a3628b654b38b879a742252964cfea307f88bfded4c6e01f
                                                                                                                        • Instruction ID: d39c60c32cc69d7ad3465f9f6cb7242007ae0eab8187012a9ec74863cc1168bc
                                                                                                                        • Opcode Fuzzy Hash: 10c3c291b6250a95a3628b654b38b879a742252964cfea307f88bfded4c6e01f
                                                                                                                        • Instruction Fuzzy Hash: 5913E474A04259CFEB20CFA8C484B9DBBF1BF89308F208559D899AB355D774E986CF41
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E6DDA5 Relevance: 4.1, Strings: 3, Instructions: 351COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: $va$($string or blob too big
                                                                                                                        • API String ID: 0-3448955768
                                                                                                                        • Opcode ID: b9a2e2e4c654b18e60725bc55a6a3754bc963e451acf320c2e7420e9f1d3aa01
                                                                                                                        • Instruction ID: b6e0e817358a091974468e7adaedc076c3e46fc0117c532e15c918051c0b76fc
                                                                                                                        • Opcode Fuzzy Hash: b9a2e2e4c654b18e60725bc55a6a3754bc963e451acf320c2e7420e9f1d3aa01
                                                                                                                        • Instruction Fuzzy Hash: 0AF16675D446288BDB68CF19CC803C8B7B5BB59318FA981D9D88867385D774EEC18F81
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E9F0ED Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 858COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: memcmp
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1475443563-3916222277
                                                                                                                        • Opcode ID: 652460d73263bdf4d719ca70a6f2cc424e75321fe8c6a35287bb2097d5c0c26c
                                                                                                                        • Instruction ID: bfece18307556e4ef4cbbc35f99f21af59f03d97bd6a6be96c4aa07d47f44be4
                                                                                                                        • Opcode Fuzzy Hash: 652460d73263bdf4d719ca70a6f2cc424e75321fe8c6a35287bb2097d5c0c26c
                                                                                                                        • Instruction Fuzzy Hash: 9F82D375E04259CFDB04CFA8C580A8DBBF1BF88308F258569E859AB355D778E946CF80
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61EA70CF Relevance: 3.2, Strings: 1, Instructions: 1931COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: d
                                                                                                                        • API String ID: 0-2564639436
                                                                                                                        • Opcode ID: 9c9e38171c6603f8093b714fb000efb1f28052484ede3b556d4bca0120f0b4e8
                                                                                                                        • Instruction ID: a6081b29965de0926bd1f9b116bef4fbec5f60393564f64626f3e1bb6397bda8
                                                                                                                        • Opcode Fuzzy Hash: 9c9e38171c6603f8093b714fb000efb1f28052484ede3b556d4bca0120f0b4e8
                                                                                                                        • Instruction Fuzzy Hash: 5823C374A04259CFDB60DFA8C884B8DBBF1BF88308F2585A9D888AB345D775D985CF41
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E31DAB Relevance: 3.1, Strings: 2, Instructions: 599COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: ?$@
                                                                                                                        • API String ID: 0-1463999369
                                                                                                                        • Opcode ID: 17282316eccadc5d136356c8655e5051220d6aaf7da56665674151cdb10d9dda
                                                                                                                        • Instruction ID: eb37215bc7a8fd5f0b65b01ac5f6a00cefd0b4980fd33cabf8589fd9f13e8be8
                                                                                                                        • Opcode Fuzzy Hash: 17282316eccadc5d136356c8655e5051220d6aaf7da56665674151cdb10d9dda
                                                                                                                        • Instruction Fuzzy Hash: 11422734E0426A8BDB11CFA9C5807DDBBF1BF99314F248199D894AB391D335E986CF90
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E25FA2 Relevance: 3.1, Strings: 2, Instructions: 560COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: $va$BINARY
                                                                                                                        • API String ID: 0-1706479968
                                                                                                                        • Opcode ID: 174683a009bcc6a4cbd855a3ac320b703f60fd0ea0e98f68b5225d26e58ec989
                                                                                                                        • Instruction ID: 51ae49446533dd8fd2a3531cbcacbf2776eddcb6362a0c0b66c52bdc41a6a382
                                                                                                                        • Opcode Fuzzy Hash: 174683a009bcc6a4cbd855a3ac320b703f60fd0ea0e98f68b5225d26e58ec989
                                                                                                                        • Instruction Fuzzy Hash: 1B421375E05299CFDB10CF98C590A8DBBF1BF88314F248629E858AB395D374E846CF81
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E62554 Relevance: 3.0, Strings: 2, Instructions: 459COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 0$BINARY
                                                                                                                        • API String ID: 0-1556553403
                                                                                                                        • Opcode ID: 9b720d48a7ff08584b00a733e1c7b0591028ec92d24130de9680df42adbd2a4f
                                                                                                                        • Instruction ID: e60323d610b5e953cfa2bbac53d573cb4ccd773d83c01c1116e4164fd3caed25
                                                                                                                        • Opcode Fuzzy Hash: 9b720d48a7ff08584b00a733e1c7b0591028ec92d24130de9680df42adbd2a4f
                                                                                                                        • Instruction Fuzzy Hash: 5E22E1B4E0425A8FDB04CFA8D480A9DBBF1FF98314F658569E859AB355D734E842CF80
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E8D0B6 Relevance: 2.7, Strings: 2, Instructions: 193COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 9ua$BINARY
                                                                                                                        • API String ID: 0-3775120692
                                                                                                                        • Opcode ID: 5952825176845502c0630c963f1cf7dda46f62ee53b696e1af0b9cc7c28b5bff
                                                                                                                        • Instruction ID: a257fdc816b75983c87695270593668a71f4eb775f4fb4bb7c1b83965cb32a4b
                                                                                                                        • Opcode Fuzzy Hash: 5952825176845502c0630c963f1cf7dda46f62ee53b696e1af0b9cc7c28b5bff
                                                                                                                        • Instruction Fuzzy Hash: ED811978A0461A9FDB41CFA9D58079EBBF1BF88758F21C02AEC58AB354D774D841CB90
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E7A790 Relevance: 2.4, Strings: 1, Instructions: 1178COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 4
                                                                                                                        • API String ID: 0-4088798008
                                                                                                                        • Opcode ID: b1c85b9edcee8372ad259f730a460971789aed980db87fee4e25cf3816e41443
                                                                                                                        • Instruction ID: 518d6d0113e266a091a0cbf43dd9b6b92f5400263bfdc1a72100ca210d41eac5
                                                                                                                        • Opcode Fuzzy Hash: b1c85b9edcee8372ad259f730a460971789aed980db87fee4e25cf3816e41443
                                                                                                                        • Instruction Fuzzy Hash: E7C2D274A042598FEB20CFA8C490B9DBBF1BF89308F24C559E855AB390D774E886CF51
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E98FE2 Relevance: 2.2, Strings: 1, Instructions: 993COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 0
                                                                                                                        • API String ID: 0-4108050209
                                                                                                                        • Opcode ID: 1683cc5e6fcc29f367190e58bbfdda77c9789cfa2534cb2ac865ad9609eb6d8f
                                                                                                                        • Instruction ID: b9cfdf9aff36692a2be4ad7309719c75a621d287fa98b86d1028b92f8662c608
                                                                                                                        • Opcode Fuzzy Hash: 1683cc5e6fcc29f367190e58bbfdda77c9789cfa2534cb2ac865ad9609eb6d8f
                                                                                                                        • Instruction Fuzzy Hash: 83A2F775A04229CFDB25CF68C890B99BBB1BB89304F2584D9D88DA7351DB30EE85CF51
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E9FBF0 Relevance: 1.7, APIs: 1, Instructions: 496COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: memcmp
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1475443563-0
                                                                                                                        • Opcode ID: f0e223f4e7dde77cf69cf17d1b16d38c815983f1c3fe0e1417d9e3426bf97463
                                                                                                                        • Instruction ID: 797909e4487367ccd8785a7356e571bcdb88a46cf15c43a51895c5e5f409efd9
                                                                                                                        • Opcode Fuzzy Hash: f0e223f4e7dde77cf69cf17d1b16d38c815983f1c3fe0e1417d9e3426bf97463
                                                                                                                        • Instruction Fuzzy Hash: 8A32EF74A04259CFDB04CFA8C584B8DBBF1BF88318F25C56AE858AB355D774E846CB41
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E40065 Relevance: 1.6, APIs: 1, Instructions: 349COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: memcmp
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1475443563-0
                                                                                                                        • Opcode ID: 82c5080adff732aa16026258a5585b3c81513096f7676642f0750af1a48823a4
                                                                                                                        • Instruction ID: 5f607dce3bb248c7bc7ba639c908390524c363e3b0c88829d9203463054831df
                                                                                                                        • Opcode Fuzzy Hash: 82c5080adff732aa16026258a5585b3c81513096f7676642f0750af1a48823a4
                                                                                                                        • Instruction Fuzzy Hash: D4E12675A04209CFDB04CFA8D49069EBBF2BF98314F29856AEC54EB346D734E951CB90
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E91DC1 Relevance: 1.5, Strings: 1, Instructions: 292COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 'a
                                                                                                                        • API String ID: 0-1265788581
                                                                                                                        • Opcode ID: ab7145635c82bd9b1b0131236768f0da4658b82cfd9f1350a3d2dada9f499ded
                                                                                                                        • Instruction ID: 2a1e93e661ff6ac72fb5e1383ae7a1199ccbf3477a44a7f34e58db07055c9281
                                                                                                                        • Opcode Fuzzy Hash: ab7145635c82bd9b1b0131236768f0da4658b82cfd9f1350a3d2dada9f499ded
                                                                                                                        • Instruction Fuzzy Hash: 97C1E47490561A9FDB04DFA9C48069EBBF5BF98314F20C969E894AB304D730E885CF91
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E18736 Relevance: 1.5, Strings: 1, Instructions: 237COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: h(a
                                                                                                                        • API String ID: 0-2400461097
                                                                                                                        • Opcode ID: 5ee77b5fb974a29124882730f08498d74f86221d2b172790f955c6dba14d74d0
                                                                                                                        • Instruction ID: f5bca11cc97640b6e875e2d2b4b9a879d1eb82f3f63dc60f1c56b61e4975c6c7
                                                                                                                        • Opcode Fuzzy Hash: 5ee77b5fb974a29124882730f08498d74f86221d2b172790f955c6dba14d74d0
                                                                                                                        • Instruction Fuzzy Hash: 6C91A03090C2918BEB05CEA8D4C2B59BBB2AF85308F6CC199DC499F38AC775D855D791
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E2D68C Relevance: 1.3, Strings: 1, Instructions: 50COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: bua
                                                                                                                        • API String ID: 0-3993766197
                                                                                                                        • Opcode ID: 633315b2ebd987899b0574c5a9c2535cb517164b27f88ba4281f08561b9dd3a8
                                                                                                                        • Instruction ID: 2dbdb228c3cab7288b2b063f09620b15a0131b4afe136593b5dc23e7c01abf69
                                                                                                                        • Opcode Fuzzy Hash: 633315b2ebd987899b0574c5a9c2535cb517164b27f88ba4281f08561b9dd3a8
                                                                                                                        • Instruction Fuzzy Hash: BF112A74A0434A8FCB04CF6DC5C058ABBE4FF88265F248529ED48CB301D374E991CB91
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61EA91F6 Relevance: .9, Instructions: 922COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 8e9c2de88e15720abfe36889467c93605a7d8ca8968bb05d13659a39059123bd
                                                                                                                        • Instruction ID: 746819fbde02672c5e9b0b23433deca564a22272aedf92c5aa0001529aa1c472
                                                                                                                        • Opcode Fuzzy Hash: 8e9c2de88e15720abfe36889467c93605a7d8ca8968bb05d13659a39059123bd
                                                                                                                        • Instruction Fuzzy Hash: ABA2E6B4A043698FDB10DF68C88478DBBF1BF89308F2589A9D889AB344D775D985CF41
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61EA5B62 Relevance: .8, Instructions: 840COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: db62365491715937999746577448bffa7923a641c61cf7b17e4a38164d9f0653
                                                                                                                        • Instruction ID: a44220d8eda0408d574e55f09471a4b8d90abc40079a2b9137b2c96c3645ed57
                                                                                                                        • Opcode Fuzzy Hash: db62365491715937999746577448bffa7923a641c61cf7b17e4a38164d9f0653
                                                                                                                        • Instruction Fuzzy Hash: 3882E275A043598FDB50CFA9C880B8DBBF1BF89318F2585A9E858AB341D774E981CF41
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E6904E Relevance: .8, Instructions: 834COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: cdee5f106130f9c003e98ff858ec0a85d67dd58a6e597a66ac0da64aa36c3f40
                                                                                                                        • Instruction ID: 64511e9e7bc8a538c31c2dec79f9366059c8cda353a3f8e3c319e5c84b16a323
                                                                                                                        • Opcode Fuzzy Hash: cdee5f106130f9c003e98ff858ec0a85d67dd58a6e597a66ac0da64aa36c3f40
                                                                                                                        • Instruction Fuzzy Hash: A382EE74A442598FDB10DFA8C490B9EBBF6BF89308F60842DD899AB345DB74E845CF41
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E9D0C3 Relevance: .6, Instructions: 639COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 58010b9c1f0d999433e5b18c6f47566a29e3a6c5af20a6dc7c95a0469ad99757
                                                                                                                        • Instruction ID: bf890a49f948a95996c0874b8a48064969d64c08d11fd484a8260e1bd552f906
                                                                                                                        • Opcode Fuzzy Hash: 58010b9c1f0d999433e5b18c6f47566a29e3a6c5af20a6dc7c95a0469ad99757
                                                                                                                        • Instruction Fuzzy Hash: 4062D2789052298BDB25CF58C9807C9B7F1BB49314F2589EAD848AB351D774EEC1CF90
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E534E3 Relevance: .6, Instructions: 638COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: b151c5699c924ba965d7e606cb673ecba401ccb569ae61ecce91f491f25524c2
                                                                                                                        • Instruction ID: 9d8ba64b78ef50a58b18041be0aa597e26323e47a4c979711dc9b8f68f915d3c
                                                                                                                        • Opcode Fuzzy Hash: b151c5699c924ba965d7e606cb673ecba401ccb569ae61ecce91f491f25524c2
                                                                                                                        • Instruction Fuzzy Hash: C362D774A05269CFDBA0CF68C880B89B7B1BB48308F2585E9D84DAB345D731EE95CF51
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E55BD7 Relevance: .6, Instructions: 617COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 2169874bd747550d2b124de943c030724899a2f04aac3c7e4c0cdb5ce11a48ea
                                                                                                                        • Instruction ID: e0a500f3d695454715f18051163da62669697884006f913259c36ef59c383f1b
                                                                                                                        • Opcode Fuzzy Hash: 2169874bd747550d2b124de943c030724899a2f04aac3c7e4c0cdb5ce11a48ea
                                                                                                                        • Instruction Fuzzy Hash: 5042B070A052859FEB54CFA8C48479EBBF1BF88308F24C56DE8589B391C736D861CB91
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E58670 Relevance: .6, Instructions: 613COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 8978555ce2425aa3b3ddfa9e1e8d641089471ef8d0f3d36793c637034a778acd
                                                                                                                        • Instruction ID: 7acb60ce99df90a8d4815b3c5ed6ca94b274d674d137866997d0d1df3706a504
                                                                                                                        • Opcode Fuzzy Hash: 8978555ce2425aa3b3ddfa9e1e8d641089471ef8d0f3d36793c637034a778acd
                                                                                                                        • Instruction Fuzzy Hash: 91525970A14269CFEBA4CF29C880B89B7B1BB49314F2481D9D84DAB342D731EE95DF51
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E4CEF9 Relevance: .5, Instructions: 486COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 33164d37dc1f8bc3c6465863d80b3bf23a647da6b8e1d50295bdad47704f48e9
                                                                                                                        • Instruction ID: 19f4867394c01e4d8c9e316edce12a8cee81f65b8fdb4e74c3c7cf9959f5a621
                                                                                                                        • Opcode Fuzzy Hash: 33164d37dc1f8bc3c6465863d80b3bf23a647da6b8e1d50295bdad47704f48e9
                                                                                                                        • Instruction Fuzzy Hash: 19121678A0525ADFCB05CFA9E480A8DB7F1BF59318F21C165E815AB360D774EC82CB90
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E52F80 Relevance: .4, Instructions: 422COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: cc2588524871c951a60f1b2fce8abbe6d5b26ae1e84268bc98c8063506949ee5
                                                                                                                        • Instruction ID: d69fdf5d9c806f7edba15bc314e05e9f3cdc1a2150cd31b96f5dbe42976c28ee
                                                                                                                        • Opcode Fuzzy Hash: cc2588524871c951a60f1b2fce8abbe6d5b26ae1e84268bc98c8063506949ee5
                                                                                                                        • Instruction Fuzzy Hash: C8022674A05245CFDF49CFA8C590A9DBBF2AF88318F25C069E815AB345DB36E891CF50
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E1DEC2 Relevance: .4, Instructions: 386COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0009230b87fc886eed7ce7e11b94bf72c1abcc1dc72f1cc9b19a1b34b6dec77d
                                                                                                                        • Instruction ID: 4023b7f274c616fb69ecadc0a802b8025637675746aaadec300ab2c9a24e8e17
                                                                                                                        • Opcode Fuzzy Hash: 0009230b87fc886eed7ce7e11b94bf72c1abcc1dc72f1cc9b19a1b34b6dec77d
                                                                                                                        • Instruction Fuzzy Hash: A5D15F6291EE818FD70A8579C8662BDBFA2AF9A31472CC3ADE0534FBCDD128C545C711
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E10856 Relevance: .3, Instructions: 308COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c0cc950a9d611d45ec736ade90280dfb09da3b2b2986ef2fb50fd54848431665
                                                                                                                        • Instruction ID: c10a399038eb35cab1d0fd47fbf04f5bffad08025378c4b9320364a8326b92cd
                                                                                                                        • Opcode Fuzzy Hash: c0cc950a9d611d45ec736ade90280dfb09da3b2b2986ef2fb50fd54848431665
                                                                                                                        • Instruction Fuzzy Hash: EBB1273390E6858AD7118DB8CC92289BB63AFD6318B3CC365E060CE3CDD274C55AD352
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E37930 Relevance: .3, Instructions: 254COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 481b6b00b081b4320c04b5961dfb85ef1799ca06dd5eb79cfd6515449694c142
                                                                                                                        • Instruction ID: 3210fe7c149a8df005d633ee7ab480dd5827b519719accc1fa5954128a221567
                                                                                                                        • Opcode Fuzzy Hash: 481b6b00b081b4320c04b5961dfb85ef1799ca06dd5eb79cfd6515449694c142
                                                                                                                        • Instruction Fuzzy Hash: 2591C371E44266CBEB199E98C8807597AF2ABC8348F35C5E9C45A9B351E771CD82CB80
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E1EEFF Relevance: .3, Instructions: 254COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 84af679267979af983d347aced72cd7cb6a196887476cf56ad9a17c6cbe7d888
                                                                                                                        • Instruction ID: 878cb23af3a6350bf954d4178c5a2acd4654a5c4dc0d4d629278b81f8bee302c
                                                                                                                        • Opcode Fuzzy Hash: 84af679267979af983d347aced72cd7cb6a196887476cf56ad9a17c6cbe7d888
                                                                                                                        • Instruction Fuzzy Hash: C0C129B1A056488FDB04CFA9C88578EBBF1BF89304F148269D858DB35AD774D949CB81
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E21816 Relevance: .2, Instructions: 247COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: d5c858093c431b29f645a23dff97c23071af137f23373f22ae86f3e748476ba9
                                                                                                                        • Instruction ID: ee4abaf29e25974d2c85c3f1aac93c3a2f37e56c7b47184ac1c003f272dee530
                                                                                                                        • Opcode Fuzzy Hash: d5c858093c431b29f645a23dff97c23071af137f23373f22ae86f3e748476ba9
                                                                                                                        • Instruction Fuzzy Hash: 4B917575E042598FDB05CFE8C8A069DBBF1BB89324F29C719E8A497380D731DA428B51
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 2A22235C Relevance: .2, Instructions: 230COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1670894968.000000002A221000.00000040.00001000.00020000.00000000.sdmp, Offset: 2A221000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_2a221000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 7be83580bfc2575eaacc6044e77c6e2ce9d29705b42a2534245aefe1a6cd5b78
                                                                                                                        • Instruction ID: f0761fbd49b26a542cd08d360a3c21010c8142e85fc88d85bdfe866b2147296c
                                                                                                                        • Opcode Fuzzy Hash: 7be83580bfc2575eaacc6044e77c6e2ce9d29705b42a2534245aefe1a6cd5b78
                                                                                                                        • Instruction Fuzzy Hash: 826169B1B446027BF311AE38CC90F1BBB95EFD8704F558128F948B7386D636EA1187A0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E5023C Relevance: .2, Instructions: 227COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ad94163cbd485a3820f2b2698508bd4aff4105ea4421208451efe873d26d17a2
                                                                                                                        • Instruction ID: 266643c6cdafb612aa4dcbeacb2f29c0698f44024270a5fd4dc4a93060dce87c
                                                                                                                        • Opcode Fuzzy Hash: ad94163cbd485a3820f2b2698508bd4aff4105ea4421208451efe873d26d17a2
                                                                                                                        • Instruction Fuzzy Hash: EC910631A012199FDB44CFA9D484A9EBBF2BF88358F25C129E818EB315E735EC51CB50
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E2D9B0 Relevance: .1, Instructions: 84COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 37ab0d498e6869f1248f18525f82ea8c3addd781597051de19eda25eeb30940a
                                                                                                                        • Instruction ID: 382c8684cf9a3560b476f3c0be3439e748f519b75ac4ebfb263bed86336ac9cf
                                                                                                                        • Opcode Fuzzy Hash: 37ab0d498e6869f1248f18525f82ea8c3addd781597051de19eda25eeb30940a
                                                                                                                        • Instruction Fuzzy Hash: 1A319EB8508755DBDB04DF58C4A06AABBF0FF89324F24C95EEAA84B351D334C451CB42
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E15337 Relevance: .1, Instructions: 76COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 87a3deadb9d58158e10bd0d13bb27e12a41fb1a60a956b8ee286a92c2821ca3b
                                                                                                                        • Instruction ID: 28e1a2f4ec7288b6cc9663568d88951edc36634af267e108b581ab28c3048e35
                                                                                                                        • Opcode Fuzzy Hash: 87a3deadb9d58158e10bd0d13bb27e12a41fb1a60a956b8ee286a92c2821ca3b
                                                                                                                        • Instruction Fuzzy Hash: EE21D331A081098FD718CFAAC8D06DEB7F2EF9A304F25C039D815E7218E6B0E915CB60
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 2A225B72 Relevance: .0, Instructions: 48COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1670894968.000000002A221000.00000040.00001000.00020000.00000000.sdmp, Offset: 2A221000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_2a221000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: adff344794a757cc42752aaf151bf4080dc5f27db02630eec5a5f6fb8f4f3353
                                                                                                                        • Instruction ID: aa482e532ffe50f134f8e437a8e24c73fb318f386a77a525daaea05950dd196d
                                                                                                                        • Opcode Fuzzy Hash: adff344794a757cc42752aaf151bf4080dc5f27db02630eec5a5f6fb8f4f3353
                                                                                                                        • Instruction Fuzzy Hash: 14116134A15A4A8FF764DF18EC59A04B3EAEB09331F59C2E6E94987357D3389D40DB40
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E2D781 Relevance: .0, Instructions: 44COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 97cbfa6a907e55dae8401866b1d15889492c98cb2e246ce72649cc570ac47a2c
                                                                                                                        • Instruction ID: 3be14e853f6d6f7a8a57e59baf3aa0a0bffb859339050ea86f3e3846f1c49e98
                                                                                                                        • Opcode Fuzzy Hash: 97cbfa6a907e55dae8401866b1d15889492c98cb2e246ce72649cc570ac47a2c
                                                                                                                        • Instruction Fuzzy Hash: 80012878A046559FCB00DFA9C4D095EBBF5FF89724B24C46AEA488B314C738E851CB92
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E0B431 Relevance: .0, Instructions: 40COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ba9cc90e5a21082ad6c2295b21ce38250c8b9c469be8e37a4c4f460e4ebd293f
                                                                                                                        • Instruction ID: f77352582697cf63471e0c4c8f40e3a4f494cd20e5c99f7e715a2ca9bff404d5
                                                                                                                        • Opcode Fuzzy Hash: ba9cc90e5a21082ad6c2295b21ce38250c8b9c469be8e37a4c4f460e4ebd293f
                                                                                                                        • Instruction Fuzzy Hash: 4C01F93A904650CFC7009F65C4C0699BBB5FF85319F19C16ADC584F346D734D592CB91
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E2D714 Relevance: .0, Instructions: 39COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: e0c3ebf914bd4d94a51e339c97bb43ea5b9a0e5b7f07c667420d66bd9099e7be
                                                                                                                        • Instruction ID: 23c8173731f4f8750f7e82a0d5cf473f1c368e3d07a63e1643a5bca77f02800b
                                                                                                                        • Opcode Fuzzy Hash: e0c3ebf914bd4d94a51e339c97bb43ea5b9a0e5b7f07c667420d66bd9099e7be
                                                                                                                        • Instruction Fuzzy Hash: 18014B74A003469BD704DF6AC4C4A4AFBB4FF88368F14C669D8088B301D374E995CBD0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 2A2210F9 Relevance: .0, Instructions: 34COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1670894968.000000002A221000.00000040.00001000.00020000.00000000.sdmp, Offset: 2A221000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_2a221000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c0cb571f043057fe9febfc1c58cba9e309ae6da326eefaf23432372124df1c7f
                                                                                                                        • Instruction ID: 95b31b81ecd7946a83fab9201412cc9aa1f2ad23ef9bd904942def84d1490dbc
                                                                                                                        • Opcode Fuzzy Hash: c0cb571f043057fe9febfc1c58cba9e309ae6da326eefaf23432372124df1c7f
                                                                                                                        • Instruction Fuzzy Hash: 6FF08276B0093A9BE715EA55E840E42F396BBD82A0F118671C9044B709D670E9C6D9D1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 2A225B15 Relevance: .0, Instructions: 32COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1670894968.000000002A221000.00000040.00001000.00020000.00000000.sdmp, Offset: 2A221000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_2a221000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0b54017ca1b216042ce32d40c0267898b1c635e98d5cffd7e0ffa5ac943036c5
                                                                                                                        • Instruction ID: c5aad2f59a22615a9f4dc877060b523a23f3b3129fc6b5eee9cb61f5278a990e
                                                                                                                        • Opcode Fuzzy Hash: 0b54017ca1b216042ce32d40c0267898b1c635e98d5cffd7e0ffa5ac943036c5
                                                                                                                        • Instruction Fuzzy Hash: 33F0B476D00A09CFE768DF08D994B15B3E8EB14720F05C2BADE4A87B55D239EA40DA85
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E2D5E6 Relevance: .0, Instructions: 32COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 603a9ca93cbafb1f4181249a4d705fd8964dc025393484f8e9e5c12118581de5
                                                                                                                        • Instruction ID: 683273e64459584920a51cd19a7e4d80a31ac76df9d38907cb404440e2cf26f0
                                                                                                                        • Opcode Fuzzy Hash: 603a9ca93cbafb1f4181249a4d705fd8964dc025393484f8e9e5c12118581de5
                                                                                                                        • Instruction Fuzzy Hash: BDF05E79A0020A9FCB00DF69D9C088EB7F9FF89224B24C065ED089B305D334E952CF91
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E2D595 Relevance: .0, Instructions: 32COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: fec887b937182efdeb275cf1860c59da708b12e60ecbd0d81ba91b53eac5727a
                                                                                                                        • Instruction ID: 44e553df0f6153727c0ccd70e02d170a2b8fbf64feb92f11989a6743949971bc
                                                                                                                        • Opcode Fuzzy Hash: fec887b937182efdeb275cf1860c59da708b12e60ecbd0d81ba91b53eac5727a
                                                                                                                        • Instruction Fuzzy Hash: 64F08934604619DBCB00EF99EDC489EBBB4FF49264F10C495ED948B354DB30D86587D1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 2A222716 Relevance: .0, Instructions: 30COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1670894968.000000002A221000.00000040.00001000.00020000.00000000.sdmp, Offset: 2A221000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_2a221000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 3747b216bb7640c08f949b015196ec800bea75b710efc7667a09099d45f6f0fe
                                                                                                                        • Instruction ID: f38dcdd5fdfbb40ec46e60c90ff50b9ab115b947fd82d0702696fcb091b86439
                                                                                                                        • Opcode Fuzzy Hash: 3747b216bb7640c08f949b015196ec800bea75b710efc7667a09099d45f6f0fe
                                                                                                                        • Instruction Fuzzy Hash: 2BF0A0B7680A098BE324CE11E880A03F3A6BB98660F118261CD081B702C530FDC2C6D0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 2A225ACD Relevance: .0, Instructions: 24COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1670894968.000000002A221000.00000040.00001000.00020000.00000000.sdmp, Offset: 2A221000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_2a221000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: d67282a457da30ecbb40882b3a9bdb813fe659884c447fe35482e18ecf4b2767
                                                                                                                        • Instruction ID: 44ff7cae10eacd741471e2646fc8176606dd24d6320413494bfaee65bac0ff3b
                                                                                                                        • Opcode Fuzzy Hash: d67282a457da30ecbb40882b3a9bdb813fe659884c447fe35482e18ecf4b2767
                                                                                                                        • Instruction Fuzzy Hash: 99E06572A41616CBD718EF84E880982F728FB4436071182A2DD049B706C338FD81CBE0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E1307A Relevance: .0, Instructions: 24COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 14736fa9179efb67357d4d22b433410e97ebfd633caaa68a2b1c40438b902975
                                                                                                                        • Instruction ID: 20361dabe9e5e624aead0c2cbcda463e1dc5d30ecc087adce6a46ccbc9e5f0dc
                                                                                                                        • Opcode Fuzzy Hash: 14736fa9179efb67357d4d22b433410e97ebfd633caaa68a2b1c40438b902975
                                                                                                                        • Instruction Fuzzy Hash: 01F01C310186858BD7098B689466BA0BFE4AB02328F28C7F9E86D0F7D7C67195C4C790
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E158CA Relevance: .0, Instructions: 24COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 6fb0f00a4b6ce43e1eafe55f13756f77eaeb3198e66c972334d9a781409f15c7
                                                                                                                        • Instruction ID: 77dbb67e5b13935fb998f7bdeac757b62f4bcf2f309577294fbba61f324934a3
                                                                                                                        • Opcode Fuzzy Hash: 6fb0f00a4b6ce43e1eafe55f13756f77eaeb3198e66c972334d9a781409f15c7
                                                                                                                        • Instruction Fuzzy Hash: 6CE0EC363493485FFB40C9AAADC0A66B79AEB8D12CB24C236ED188B309D522D85146A0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E2D945 Relevance: .0, Instructions: 23COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: f6dac371d744d1f4a74433f500022962c81eca0c7d3a4d374c1a06fb4a0a0243
                                                                                                                        • Instruction ID: 49fe5c7db6ee1c100769216236de79f0150f8c1617bfc082eb282041d978b41e
                                                                                                                        • Opcode Fuzzy Hash: f6dac371d744d1f4a74433f500022962c81eca0c7d3a4d374c1a06fb4a0a0243
                                                                                                                        • Instruction Fuzzy Hash: A4F04EB9A4535D9FDB00CF0AD8C1ADABBA8FB0C260F94811AFE1857341C274A9508BE1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E2D65B Relevance: .0, Instructions: 20COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 80444b7a1f9c336b8ddf7ede844ef2572c4fef74faff3e978b08c37b414cddcf
                                                                                                                        • Instruction ID: 214e4a77422a75c172c9c2064a368b9d1fba0603b708cc731de69edf92eb1139
                                                                                                                        • Opcode Fuzzy Hash: 80444b7a1f9c336b8ddf7ede844ef2572c4fef74faff3e978b08c37b414cddcf
                                                                                                                        • Instruction Fuzzy Hash: EEE0E678A042495FDB00DF65D4C054AB7B5FF48258B24C165DD484B305D231E995CBC1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 2A222F9E Relevance: .0, Instructions: 19COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1670894968.000000002A221000.00000040.00001000.00020000.00000000.sdmp, Offset: 2A221000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_2a221000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0097000110ca4480fda5f1152f7199adb4e918a11b06752da7ac39026022d07e
                                                                                                                        • Instruction ID: 016f392f6034dc8dea31da8d015a5c6bca05ff7e38bbce8e74b402d42617ac44
                                                                                                                        • Opcode Fuzzy Hash: 0097000110ca4480fda5f1152f7199adb4e918a11b06752da7ac39026022d07e
                                                                                                                        • Instruction Fuzzy Hash: 5ED01261068602F6D325DF10E8C1BC9F753AB59740FA58508D10403318E33A95248B43
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 2A2233C8 Relevance: .0, Instructions: 19COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1670894968.000000002A221000.00000040.00001000.00020000.00000000.sdmp, Offset: 2A221000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_2a221000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 030f45737306472040fd804f08ade6ffa5201275c9961ef35cd96cc10e73d93a
                                                                                                                        • Instruction ID: cdf729c095d7f498491cf17c56da5312fde40995034eead580cf1e22a14a2b33
                                                                                                                        • Opcode Fuzzy Hash: 030f45737306472040fd804f08ade6ffa5201275c9961ef35cd96cc10e73d93a
                                                                                                                        • Instruction Fuzzy Hash: 6FD05E79210900CFE312DBB8CA45F19F7A8FB4E220FA494E0F845DB322CD24DA009990
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E2D981 Relevance: .0, Instructions: 18COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 7741dc5002cb162032dfd22e15b2f11181b9a78a06ce5ec405677c32640a3b74
                                                                                                                        • Instruction ID: 0770371ec9a44e43cdd5cf4ef26b08e67e6dab9ce041578c4bbee247c5ef0355
                                                                                                                        • Opcode Fuzzy Hash: 7741dc5002cb162032dfd22e15b2f11181b9a78a06ce5ec405677c32640a3b74
                                                                                                                        • Instruction Fuzzy Hash: 54E0B6B550531DAFCB00CF09D8849CABBA8FB08260F10811AFD145B301C371E910CBE0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E2D916 Relevance: .0, Instructions: 18COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 84b9b301cd6fe802102ace05a8f3f54127e45f3cfeb9e9c857c71b75d53a3f46
                                                                                                                        • Instruction ID: 945e16ab1c4606d0450c898c0f973b63cf6ac8bb22533ea61b57455de4454874
                                                                                                                        • Opcode Fuzzy Hash: 84b9b301cd6fe802102ace05a8f3f54127e45f3cfeb9e9c857c71b75d53a3f46
                                                                                                                        • Instruction Fuzzy Hash: B1E0B6B550531DAFCB00CF09D8809CABBA8FB08364F10811AFD145B301C371E950CBE0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E2D8E7 Relevance: .0, Instructions: 18COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: bebc2205bf665d9e62f953e7dddfa37ec45d91e25232bda72014aaaf6124a9de
                                                                                                                        • Instruction ID: 3559d1c802e24a9b256d38bd1c0691e015ce79746017865ea9437725e8f07286
                                                                                                                        • Opcode Fuzzy Hash: bebc2205bf665d9e62f953e7dddfa37ec45d91e25232bda72014aaaf6124a9de
                                                                                                                        • Instruction Fuzzy Hash: DCE002B950535DAFDB00CF09D894ADABBA8FB09264F50811AFD1857301C375E961CBE1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E2D8B8 Relevance: .0, Instructions: 18COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 4bc46c8122d7ec2c0d3e85d99e06002b58141c25f7dac85a939e33f12ea64f0c
                                                                                                                        • Instruction ID: 0c6bb8ec670fbf06178dafeec3c5f151ae9a42d8b6ea8cc00f9de22d3b6fc0e1
                                                                                                                        • Opcode Fuzzy Hash: 4bc46c8122d7ec2c0d3e85d99e06002b58141c25f7dac85a939e33f12ea64f0c
                                                                                                                        • Instruction Fuzzy Hash: 83E0B6B550531DAFCB00CF09D880ACABBA8FB08260F10811AFD145B300C371E910CBE0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E2D635 Relevance: .0, Instructions: 14COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ce01ef94e47e0f3b5e3022edffbc238ed3a861089da3a055ee794e226609d537
                                                                                                                        • Instruction ID: e794d2b72a1fc6c6090aef49fcd2ae8b4ab6f64d521491744c60cc3bf2b3839a
                                                                                                                        • Opcode Fuzzy Hash: ce01ef94e47e0f3b5e3022edffbc238ed3a861089da3a055ee794e226609d537
                                                                                                                        • Instruction Fuzzy Hash: 8ED092B8909349AFCB00EF29C48544EBBE4BF88258F40C82DFC98C7311E274E8408F92
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E038DC Relevance: .0, Instructions: 12COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 40af0c36dbf5a0f884e18cc3b6e49f381d70d038c9458a678f14876bb3249447
                                                                                                                        • Instruction ID: 5d8a4dcf50b240acca679c383b9083a7302e11f974503154b2c6ec1cc823b236
                                                                                                                        • Opcode Fuzzy Hash: 40af0c36dbf5a0f884e18cc3b6e49f381d70d038c9458a678f14876bb3249447
                                                                                                                        • Instruction Fuzzy Hash: D9C01230244308CFEB40CAAED480A62B3E9BB44A24F50C0A0E808CB340DA30F9118690
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 2A226480 Relevance: .0, Instructions: 10COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1670894968.000000002A221000.00000040.00001000.00020000.00000000.sdmp, Offset: 2A221000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_2a221000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: f9ed70d17b65b173f63ea8bde167bd4dbe7c19cd1b27e585218ed96e6e4df4c6
                                                                                                                        • Instruction ID: 58c6f5837427d6eca2c2deaad74ce6c6656098581891570576efec04afcca601
                                                                                                                        • Opcode Fuzzy Hash: f9ed70d17b65b173f63ea8bde167bd4dbe7c19cd1b27e585218ed96e6e4df4c6
                                                                                                                        • Instruction Fuzzy Hash: 42D001392A1A48CFC241CF4CD084E40B3F8FB0DA20B068092FA0A8BB32C334FC00DA80
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E038CA Relevance: .0, Instructions: 9COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 40cad0428ba2cec2f3835856280400d4fd42dbc754fd2a6d6e7cded720f8f0bd
                                                                                                                        • Instruction ID: 67d68dba2000bb8482a24fc023f268fc16b477c73c548bd02e1b99648bc578f6
                                                                                                                        • Opcode Fuzzy Hash: 40cad0428ba2cec2f3835856280400d4fd42dbc754fd2a6d6e7cded720f8f0bd
                                                                                                                        • Instruction Fuzzy Hash: C9B09B2071430D565708CE549440977779DB784905724C455D81C85505E735E59152D0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E037F3 Relevance: .0, Instructions: 8COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c758f56ce800b0edb1a3b6b4920dd8d203c929418ffadd695cc457fe8d80d330
                                                                                                                        • Instruction ID: de6271d013a038b850d850acc4260bf908e6486e870890920c4c51f453ae2ee2
                                                                                                                        • Opcode Fuzzy Hash: c758f56ce800b0edb1a3b6b4920dd8d203c929418ffadd695cc457fe8d80d330
                                                                                                                        • Instruction Fuzzy Hash: C7B0123B11030CCB4700DD0DD441CC1B3D8F708E127C104D0E41087701D669F800C685
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E0FD8A Relevance: 30.3, APIs: 13, Strings: 7, Instructions: 320COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: memcmp
                                                                                                                        • String ID: ance$ate$ence$iti$ive$ize$ous
                                                                                                                        • API String ID: 1475443563-1713922985
                                                                                                                        • Opcode ID: 9706f2438f5f9958a9f504a1a89414024658d7dc0fe24dd8d85b57cc53bebf8a
                                                                                                                        • Instruction ID: 14175bb5b9193900e4a9b0b479f9e4e43aad601f0e58a5cb96228bda6cff1173
                                                                                                                        • Opcode Fuzzy Hash: 9706f2438f5f9958a9f504a1a89414024658d7dc0fe24dd8d85b57cc53bebf8a
                                                                                                                        • Instruction Fuzzy Hash: D0D127B0E09306CBDB01DF94C58269EBBF4AF85348F31C81AD8909B354D779D9668B92
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E0FFDF Relevance: 28.8, APIs: 12, Strings: 7, Instructions: 293COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: memcmp
                                                                                                                        • String ID: ance$ate$ence$iti$ive$ize$ous
                                                                                                                        • API String ID: 1475443563-1713922985
                                                                                                                        • Opcode ID: b669a7a1187de0fce9b6595f66bcea219431e2422beeabc80f0d4f1047ca061f
                                                                                                                        • Instruction ID: 8af95de5a1172c954fa437990dc91da2b279e7fac1ed370a937824a3edc9c215
                                                                                                                        • Opcode Fuzzy Hash: b669a7a1187de0fce9b6595f66bcea219431e2422beeabc80f0d4f1047ca061f
                                                                                                                        • Instruction Fuzzy Hash: EFC137B0E0C3068BDB009F94C58269EBBF4AF85348F31C81EE894DB754D779D5A68B52
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E0FEFD Relevance: 27.3, APIs: 11, Strings: 7, Instructions: 287COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: memcmp
                                                                                                                        • String ID: ance$ate$ence$iti$ive$ize$ous
                                                                                                                        • API String ID: 1475443563-1713922985
                                                                                                                        • Opcode ID: ed99b8ed2c93518955057c8a185e88c665ba01599eeeff3c7ab09e33224a8f47
                                                                                                                        • Instruction ID: 3235e3b978ee00cfabdc0942405c464718558a8f08fb1430455de202698b3b76
                                                                                                                        • Opcode Fuzzy Hash: ed99b8ed2c93518955057c8a185e88c665ba01599eeeff3c7ab09e33224a8f47
                                                                                                                        • Instruction Fuzzy Hash: 1EC127B0D083068BDB00DF94C58269EBBF4AF85348F31C81ED890DB754D779D9A68B92
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E100D7 Relevance: 27.3, APIs: 11, Strings: 7, Instructions: 280COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: memcmp
                                                                                                                        • String ID: ance$ate$ence$iti$ive$ize$ous
                                                                                                                        • API String ID: 1475443563-1713922985
                                                                                                                        • Opcode ID: 5306eb8679e29c7ccae58c152c61b3cb2e43ab0ad82d1b8259ffa351aff7fd54
                                                                                                                        • Instruction ID: a6745917a23cee73da34d97950539bfd860ce037a133a9b2c34405b562b65f13
                                                                                                                        • Opcode Fuzzy Hash: 5306eb8679e29c7ccae58c152c61b3cb2e43ab0ad82d1b8259ffa351aff7fd54
                                                                                                                        • Instruction Fuzzy Hash: 90C127B0E083068BDB00DF94C58669EBBF4AF85348F31C81ED890DB754D779D5A68B92
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E0FBCF Relevance: 25.8, APIs: 10, Strings: 7, Instructions: 268COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: memcmp
                                                                                                                        • String ID: ance$ate$ence$iti$ive$ize$ous
                                                                                                                        • API String ID: 1475443563-1713922985
                                                                                                                        • Opcode ID: e540365b7fd7f9443dd82ee147f8b9093e47f334e53584792075e5945152a348
                                                                                                                        • Instruction ID: 60f9232e79ba8c46656df14b30f4429a15bc78d1e5e1648a3d40d26d176db9d4
                                                                                                                        • Opcode Fuzzy Hash: e540365b7fd7f9443dd82ee147f8b9093e47f334e53584792075e5945152a348
                                                                                                                        • Instruction Fuzzy Hash: 6EB128B0D0D3068BDB00CF94C58669EBBF4AF85348F31C81AD890DB754D779D9A68B92
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E0FC61 Relevance: 25.8, APIs: 10, Strings: 7, Instructions: 259COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: memcmp
                                                                                                                        • String ID: ance$ate$ence$iti$ive$ize$ous
                                                                                                                        • API String ID: 1475443563-1713922985
                                                                                                                        • Opcode ID: 0a817a664abe7669e1f9b819d607d3cf4ee08d2d7d4e2fd3f7bc486b0ed951a3
                                                                                                                        • Instruction ID: 2b4bda0a5a7416114e6a254efe1c2f62446bd14a06bd16ad799116575b7de764
                                                                                                                        • Opcode Fuzzy Hash: 0a817a664abe7669e1f9b819d607d3cf4ee08d2d7d4e2fd3f7bc486b0ed951a3
                                                                                                                        • Instruction Fuzzy Hash: 03B126B0D0C3068BDB00DF94C58269EBBF4AF85348F31C81AD890DB754D779D9A68B92
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E0FD37 Relevance: 24.2, APIs: 9, Strings: 7, Instructions: 248COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: memcmp
                                                                                                                        • String ID: ance$ate$ence$iti$ive$ize$ous
                                                                                                                        • API String ID: 1475443563-1713922985
                                                                                                                        • Opcode ID: c54270305458f61258e2551f56d469756e9d85375da6b675864f5ba64181ee46
                                                                                                                        • Instruction ID: c635636e61c9daa50d7aef90f17bbd02a00a8acd362d6d180f064c5e09d29bb5
                                                                                                                        • Opcode Fuzzy Hash: c54270305458f61258e2551f56d469756e9d85375da6b675864f5ba64181ee46
                                                                                                                        • Instruction Fuzzy Hash: B0A126B0D0C306CBDB00CF94C58669EBBF4AB85348F31C81AD894DB754D779D9A68B92
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E0FCE9 Relevance: 24.2, APIs: 9, Strings: 7, Instructions: 248COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: memcmp
                                                                                                                        • String ID: ance$ate$ence$iti$ive$ize$ous
                                                                                                                        • API String ID: 1475443563-1713922985
                                                                                                                        • Opcode ID: c1250c06479d443b50863cfaca24b1a96d4c7a6c86a02d8b32de734b66d4155d
                                                                                                                        • Instruction ID: 52be5bc32e4a241d7d631e7d354cb647d2df2ea9c6509ea900c66bb21baa7349
                                                                                                                        • Opcode Fuzzy Hash: c1250c06479d443b50863cfaca24b1a96d4c7a6c86a02d8b32de734b66d4155d
                                                                                                                        • Instruction Fuzzy Hash: 9DA127B0D0C306CBDB00DF94C58669EBBF4AB85348F31C81AD890DB754D779D9A68B92
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E970B9 Relevance: 16.9, APIs: 1, Strings: 10, Instructions: 447COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        • memcmp.MSVCRT ref: 61E97281
                                                                                                                          • Part of subcall function 61E0AE03: free.MSVCRT ref: 61E0AE3D
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: freememcmp
                                                                                                                        • String ID: = ?$ AND $ IS ?$ SET $ WHERE $UPDATE main.$bua$bua$idx IS CASE WHEN length(?4)=0 AND typeof(?4)='blob' THEN NULL ELSE ?4 END $sqlite_stat1
                                                                                                                        • API String ID: 1183899719-1341641573
                                                                                                                        • Opcode ID: b86365f922c0d80dc9959b963b1a5d42ddbc3d3dcbe52cbd35ddb153b41ba2b7
                                                                                                                        • Instruction ID: 0d5b731b4e6e71452f02b40a28acc7cf76705435dae47c5a45c9821af7cd2139
                                                                                                                        • Opcode Fuzzy Hash: b86365f922c0d80dc9959b963b1a5d42ddbc3d3dcbe52cbd35ddb153b41ba2b7
                                                                                                                        • Instruction Fuzzy Hash: AE12E774E04259DBDB04CF98D480A9DBBF2BF88308F25C869E855AB351D774E886CF81
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E3C943 Relevance: 16.9, APIs: 3, Strings: 8, Instructions: 360stringCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: strncmp
                                                                                                                        • String ID: -$-$0$]$false$null$true$}
                                                                                                                        • API String ID: 1114863663-1443276563
                                                                                                                        • Opcode ID: 4366ec816b9fce7022b57502cc8f689d133e39cff5fe7996cab8ff7cfed47eb1
                                                                                                                        • Instruction ID: 7d0d7d581299a88f4ecf4101ed3cb2921062378b47abb911dec42016596cbabc
                                                                                                                        • Opcode Fuzzy Hash: 4366ec816b9fce7022b57502cc8f689d133e39cff5fe7996cab8ff7cfed47eb1
                                                                                                                        • Instruction Fuzzy Hash: 4BD1DF70B482768ADB12CFA8C4443DABBF2AFCA318F69C25BD4919B281D739D446C751
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E44905 Relevance: 13.8, APIs: 6, Strings: 3, Instructions: 346COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: memcmp
                                                                                                                        • String ID: @$access$cache
                                                                                                                        • API String ID: 1475443563-1361544076
                                                                                                                        • Opcode ID: d5536d11e1446137f876ee1720edd4e4232c55533b5c63909df9ac41a168e106
                                                                                                                        • Instruction ID: bf7f6bc55254c54d21197c9aa673ce015ae0bdc4e4658c964804263f7089fac0
                                                                                                                        • Opcode Fuzzy Hash: d5536d11e1446137f876ee1720edd4e4232c55533b5c63909df9ac41a168e106
                                                                                                                        • Instruction Fuzzy Hash: FDD16FB4A083558FEB11CFA4D48039EBBF1AF89318F28C45ED895AB341E339D841DB55
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E241D7 Relevance: 13.7, APIs: 1, Strings: 8, Instructions: 180stringCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: strcmp
                                                                                                                        • String ID: ya$ya$(blob)$NULL$Xya$bua$bua$program
                                                                                                                        • API String ID: 1004003707-2454903709
                                                                                                                        • Opcode ID: a6b2441489b3eea19d207b247f0247f0001f19373451080d8235a064463bd687
                                                                                                                        • Instruction ID: 4befd86826370bfd8630e1afa8d422750160e2b9b2ea18a9ced5634f5bcee847
                                                                                                                        • Opcode Fuzzy Hash: a6b2441489b3eea19d207b247f0247f0001f19373451080d8235a064463bd687
                                                                                                                        • Instruction Fuzzy Hash: 3B7115B49097469FC708CF58C191A59BBF0BF8A304F25C85EE8A89B751D335D882CF92
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61EAFA90 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 109filememoryCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Virtual$ProtectQueryabortfwritevfprintf
                                                                                                                        • String ID: @
                                                                                                                        • API String ID: 1503958624-2766056989
                                                                                                                        • Opcode ID: c2659c9de0e6f83528643800fc17f210c5c049cf07d0f7c16b155af3332bfc43
                                                                                                                        • Instruction ID: e02739713456e9e2b4b58c9f61bb7aa4e21306e92e7ace3c3799b12748f41957
                                                                                                                        • Opcode Fuzzy Hash: c2659c9de0e6f83528643800fc17f210c5c049cf07d0f7c16b155af3332bfc43
                                                                                                                        • Instruction Fuzzy Hash: 9A412AB1A547029FD700DF68D58464ABBF0FB89758F64C92DE8A98B340E734E884CB52
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E01040 Relevance: 10.6, APIs: 7, Instructions: 132sleepCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Sleep_amsg_exit
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1015461914-0
                                                                                                                        • Opcode ID: a124d45cb5394699c2ab659ebe120ec1ccf49b51c805edf607fecf4702c5277b
                                                                                                                        • Instruction ID: a154691f748ef5392a7e4955094c5928503ae470ce452f5208c2c148eeae8840
                                                                                                                        • Opcode Fuzzy Hash: a124d45cb5394699c2ab659ebe120ec1ccf49b51c805edf607fecf4702c5277b
                                                                                                                        • Instruction Fuzzy Hash: 13414F71B146818FEB00AFE8C98470BB7F1EB85399F64C53DE4A48B344D775D9918B82
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E01440 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 25libraryloaderCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                        • String ID: _Jv_RegisterClasses$libgcj-16.dll
                                                                                                                        • API String ID: 1646373207-328863460
                                                                                                                        • Opcode ID: 659acb1d45e1fe859de50aa712dc5e6a1f27a03cf8697e99cf940ea6467707a5
                                                                                                                        • Instruction ID: ecefe885db533eab1004145bf0edfd2de441c317d2227bbbfd891c436449bb9f
                                                                                                                        • Opcode Fuzzy Hash: 659acb1d45e1fe859de50aa712dc5e6a1f27a03cf8697e99cf940ea6467707a5
                                                                                                                        • Instruction Fuzzy Hash: CBE06DB4914B029BEB017FF4850633EBAF5AFC570AF72C42CD4808A290EA30C4818763
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E3720A Relevance: 6.4, APIs: 3, Strings: 1, Instructions: 359COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: memcmp
                                                                                                                        • String ID: 0
                                                                                                                        • API String ID: 1475443563-4108050209
                                                                                                                        • Opcode ID: ee72bea6c10e4d6b48cf337b5d82551d333533315d2e2aca538cef0d56a0c932
                                                                                                                        • Instruction ID: 3f20ce3ba2961136da7f3248cde08971803f4c449cb9daae0617fd169a942f67
                                                                                                                        • Opcode Fuzzy Hash: ee72bea6c10e4d6b48cf337b5d82551d333533315d2e2aca538cef0d56a0c932
                                                                                                                        • Instruction Fuzzy Hash: 6CE112B0E04269CBDB41CFA8C99078DBBF1BF89318F258569D859AB345D734E886CF41
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E40BB5 Relevance: 6.4, APIs: 5, Instructions: 106COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: memcmp
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1475443563-0
                                                                                                                        • Opcode ID: 8cc521fb16cdd100886a572f5b312f8a70bae0a598922c27761b03018ed4fb84
                                                                                                                        • Instruction ID: fd79a925e1d847c1357e69ee8e74f21d123acc92255d85b94bee504056160bb0
                                                                                                                        • Opcode Fuzzy Hash: 8cc521fb16cdd100886a572f5b312f8a70bae0a598922c27761b03018ed4fb84
                                                                                                                        • Instruction Fuzzy Hash: C0414EB0A083058BE7049FA9D68439EBAF5EFD5358F25C83DE898CB384D775D4458B42
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61E3D021 Relevance: 6.3, APIs: 1, Strings: 3, Instructions: 293stringCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: strncmp
                                                                                                                        • String ID: #$-$]
                                                                                                                        • API String ID: 1114863663-3149169660
                                                                                                                        • Opcode ID: f99a3957d435e7ea3bb32a2a14cb1bf4f5c1a1f05ad08d6a5497aa7015d5eb71
                                                                                                                        • Instruction ID: 1c490b0b60c0b5d90f91e160a7bf365b8f8ab346ded86ed4ccdc7e106188df17
                                                                                                                        • Opcode Fuzzy Hash: f99a3957d435e7ea3bb32a2a14cb1bf4f5c1a1f05ad08d6a5497aa7015d5eb71
                                                                                                                        • Instruction Fuzzy Hash: 82D15774D082698BDB01CF98C18479DFBF2BF89748FA9C059D854AB292D335E986CF50
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61EAF6D0 Relevance: 6.0, APIs: 4, Instructions: 46COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: __dllonexit_lock_onexit_unlock
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 209411981-0
                                                                                                                        • Opcode ID: 14a068eb5279b83cbe249a705044353e42ef401f74677ddee49b1cb2808ff91a
                                                                                                                        • Instruction ID: d8116788f2c50d2f41c70b1de34e9b41b7999a481f31fa547576aa82505b99b8
                                                                                                                        • Opcode Fuzzy Hash: 14a068eb5279b83cbe249a705044353e42ef401f74677ddee49b1cb2808ff91a
                                                                                                                        • Instruction Fuzzy Hash: 7D1155B5A197418FCB40EF74D48455EBBE0AB89254F618D2EE4E5CB350E738D5848B82
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61EAFAF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81memoryCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Virtual$ProtectQuery
                                                                                                                        • String ID: @
                                                                                                                        • API String ID: 1027372294-2766056989
                                                                                                                        • Opcode ID: 291e62d0b65acdb3804ba4f4353593b383c4c3d38d689e226719f6992fe71c3d
                                                                                                                        • Instruction ID: d36ff6d444c1f5105915669b8fb698cf4239ff4a3251c649fd02843d9bfa6c4b
                                                                                                                        • Opcode Fuzzy Hash: 291e62d0b65acdb3804ba4f4353593b383c4c3d38d689e226719f6992fe71c3d
                                                                                                                        • Instruction Fuzzy Hash: C0316DB2A447018FE710DF68D99464AFBF0FB44358F55C92DD8A98B340E734E844CB92
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 61EAFEE0 Relevance: 5.0, APIs: 4, Instructions: 39COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1679060356.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1679029833.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679437133.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679467307.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679528779.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679557946.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679586624.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1679631178.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_61e00000_all the necessary information.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalSection$EnterErrorLastLeaveValue
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 682475483-0
                                                                                                                        • Opcode ID: a187a0561b15ac659cc27c31303386dc53fb4f2523cc2de19bd987d58d59314a
                                                                                                                        • Instruction ID: 3c942bbf6517c0ec0331f125ad054bd991ea38a51cb55fe1ac34f487ea1a944f
                                                                                                                        • Opcode Fuzzy Hash: a187a0561b15ac659cc27c31303386dc53fb4f2523cc2de19bd987d58d59314a
                                                                                                                        • Instruction Fuzzy Hash: C0F081B6A016008FDB00BFB9A98951A7BA8EB46A44B19416CD9548B309D730E885CBE3
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%